Free Republic
Browse · Search
General/Chat
Topics · Post Article

To: for-q-clinton
Yawn. We've been over this before, but let me point out again, the number of "vulnerabilities" is a meaningless metric. It is the severity of each vulnerability and the difference between whether it is a potential or actual vulnerability that matters.

When simply counting numbers, it makes no distinction between "wide open, gaping hole that lets a remote user take over your entire machine" and "may be able to read private data if the attacker has already gained access to the machine". But those are radically different security threats.

Oh, and this is a laugher, too:

The primary vulnerabilities on PCs are not due to Microsoft programs, but rather third-party programs
But those third-party programs are exposing holes in the underlying OS protection. Besides, it also fails to note that most Mac "vulnerabilities" are due to the third-party BSD Unix system that Mac OS X is built on, many of whose utilities are rarely, if ever, used by most desktop users.
24 posted on 07/22/2010 8:17:13 AM PDT by kevkrom (De-fund Obamacare in 2011, repeal in 2013!)


To: kevkrom
But those third party programs are exposing holes in the underlying OS protection.

Safari is 3rd party? I thought Apple created Safari. For three years in a row Safari has led to OSX being the first machine hacked in the Pwn2Own contest. I guess if that's 3rd party, IE must be 3rd party for Windows as well.

Windows 7 more secure than Snow Leopard

33 posted on 07/22/2010 8:42:51 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)

To: kevkrom; for-q-clinton
Yawn. We've been over this before, but let me point out again, the number of "vulnerabilities" is a meaningless metric. It is the severity of each vulnerability and the difference between whether it is a potential or actual vulnerability that matters.

Exactly. The report from Secunia points this out explicitly with the following comment:

The above graph is not an indication of the individual vendors’ security, as it is not possible to compare the vendors based on number of vulnerabilities alone. To assess the “performance” of vendors in terms of vulnerabilities one should rather look at the changes in the type of vulnerabilities, code quality, handling of vulnerability reports, ability to update users, quality of patches, ability to communicate to end users, number of products, complexity of product portfolio, and other factors which cannot be read out of mere aggregate numbers.
Simply quoting raw numbers measuring one narrow graph is meaningless. It is necessary to take all the rest of those factors into consideration.
69 posted on 07/22/2010 10:26:23 AM PDT by stripes1776

To: kevkrom; for-q-clinton
Yawn. We've been over this before, but let me point out again, the number of "vulnerabilities" is a meaningless metric. It is the severity of each vulnerability and the difference between whether it is a potential or actual vulnerability that matters.

I'd agree in general; however, Apple released a patch just a few weeks ago that contained something like 35 arbitrary code execution vulnerabilities in their Safari browser. ACE holes are particularly nasty, as the hacker can end up doing anything they want. And with those holes being in Safari, it means simply browsing to a website could compromise your entire system.

107 posted on 07/22/2010 2:11:16 PM PDT by PugetSoundSoldier (Indignation over the Sting of Truth is the defense of the indefensible)

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson