Red Hat and Firefox more buggy than Microsoft?

Secunia has found that the number of security bugs in the open source Red Hat Linux operating system and Firefox browsers far outstripped comparable products from Microsoft last year.

Out of the operating systems monitored by Secunia - Windows (98 and onwards), Mac OS X, HP-UX 10.x and 11.x, Solaris 8, 9, and 10 and Red Hat (excluding Fedora) - Red Hat was found to have by far the most vulnerabilities, at 633, with 99 percent found in third-party components. (Linux distributions are generally composed mostly of third-party software, which is integrated by the distributor.)

Red Hat has taken issue with the figures, claiming the accurate number should be 404 vulnerabilities for last year.

Windows had only 123 bugs reported, but 96 percent of those were found in the operating system itself.

More Here




Red Hat bugs - another open source PR hit?

Red Hat and Firefox are reported to have more bugs in them than their Microsoft equivalents. But the truth is, as always, more complex. And once again, security is shown as a key point where rival approaches are bidding to distinguish themselves.

Secunia reported the discrepancy, stating in its 2007 Report that Red Hat had 633 flaws, compared with Windows' 123. However, Red Hat's Mark Cox quickly pointed out in a blog that a) the number was wrong, b) it counted flaws in all the third party products associated with Red Hat's OS, and worst of all c) it counted several bugs six times, since it added up fixes made for the same bug, on multiple Red Hat products.

The interesting thing is why Secunia would push this story at all.

More Here

Firefox is fixed faster

Counting security vulnerabilities to compare the security of different software projects is flawed. It is only a useful metric if you are comparing a project to itself over time. I’ve discussed this topic here and here. It’s even more ridiculous to try and compare an open source bug count to a closed source project because you can see all the bugs in an open source project. You can only see the publicly found security issues for a closed source product, like Internet Explorer.

So what is interesting in the Techworld article is the measures of real risk to users:

More Here

Good additions there

When I saw the headline I was going to post these rebuttal articles too, but you beat me to it. Nice review of MEPIS BTW...
