This makes no mention of the severity of the vulnerabilities. More vulnerabilities does not mean less secure.
These are also the detected vulnerabilities, but what of the actual number of vulnerabilities? You could argue Linux has more vulnerabilities simply because there is more people looking for them.
All great points. I was hoping I wasn't taking crazy pills reading over this article -- thanks for recentering the discussion outside of "count of vulnerabilities."
To your point, if I have 3 vulnerabilities and another program has 3,000, both counts are immaterial if vulnerability includes everything from "can observe encrypted traffic occurs" to "wide open access."
The article considers Debian Linux one item for the list, yet treats each version of Windows as separate. In their 20 year chart, all versions of Windows adds up to 4865 to Debian's 3067.
Otherwise, we have to split up Debian by version, or at least only count the versions since Windows 10 was released. For example, the chart showing just 2019 shows Debian with 360 and Windows 10 with 357, essentially neck and neck.
If you look at the vendors charts, you'll see that Microsoft is clearly in the lead.
> However, Linux experienced the most reported vulnerabilities per product at 139.4, which is likely because the software company is relatively young and has fewer products. However, Linux is projected to grow and may soon join the likes of Cisco...
This is wrong for a different reason than about Linux. The Debian vulnerabilities include all software distributed by Debian -- that is, as of current count, 149.009 different packages. It then compares this number to the vulnerabilities distributed by Windows... just the operating system.
For that matter, it separately breaks out Firefox -- which receives published vulnerabilities in Debian itself!
I'm curious what software they're counting as "Debian." Are they counting the way OpenBSD reckons--"Only two remote holes in the default install, in a heck of a long time!"--key word being "default install." Or are they counting the combined vulnerabilities in Debian's 59,000+ packages? Debian is a lot more than an OS, it is a project to vet and distribute a helluva lot of free software.
Seeing as how the list says it starts back in 1999 and Ubuntu didn't even come out until 2006; and is fucking based on Debian... I can quite positively state:
13 comments
[ 3.7 ms ] story [ 41.0 ms ] threadThese are also the detected vulnerabilities, but what of the actual number of vulnerabilities? You could argue Linux has more vulnerabilities simply because there is more people looking for them.
To your point, if I have 3 vulnerabilities and another program has 3,000, both counts are immaterial if vulnerability includes everything from "can observe encrypted traffic occurs" to "wide open access."
Otherwise, we have to split up Debian by version, or at least only count the versions since Windows 10 was released. For example, the chart showing just 2019 shows Debian with 360 and Windows 10 with 357, essentially neck and neck.
If you look at the vendors charts, you'll see that Microsoft is clearly in the lead.
Does the author realize Linux isn't a company?
For that matter, it separately breaks out Firefox -- which receives published vulnerabilities in Debian itself!
All told, this article is questionable, at best.
this article is 100% bullshit.
The author (editor?) is comparing 20 years of Debian to one release of Windows.
Not worth the waste of time to get everyone riled up about how bad this piece is.