Vulnerability Count

Author: John (EBo) David
Date:  
Subject: Vulnerability Count
George Toft wrote:
>
> So here I was, surfing Security Focus, and I noticed they track every
> vulnerability for Windows, Solaris, and Linux. I put this page
> together:
> http://georgetoft.com/security/survey/index.shtml
> to count the vulnerabilities. Why spend 5 minutes counting when I can
> write a script in an hour to do the same thing? Because it is as
> current as Security Focus.
>
> Interesting numbers - they directly contradict Microsoft's statements
> about their security. No Linux bias here, nosiree! That's why I
> chose a vendor-neutral site for my data.


hmmm... are there any statisticians out there who could suggest a decent
set of metrics that normalizes the number of vulnerabilities over time?
something like


OS                        Raw_Count    Years_in_service    vulnerability_index (v/year)
Microsoft Windows 2000:   172          1.5                 114.67
Solaris                   162          7.0                  23.14
...


It would also be nice if you could plot the frequency of vulnerabilities
over time and compare on a single graph...

EBo --