Linux vendors attack analyst report

Linux vendors Debian, Mandrake, Red Hat, and SuSE have hit back at research which claims that Linux and Microsoft products are both secure.

In a report released late last month entitled Is Linux more Secure than Windows?, analyst Forrester said: "Microsoft gets a bad rap for security, while many believe that Linux is relatively secure.

"A fair assessment? Not really: After collecting a year's worth of vulnerability data, Forrester's analysis shows that both Windows and four key Linux distributions can be deployed securely."

But now the Linux distributors are criticising the report, arguing that as it treats all vulnerabilities as equal it has limited real-world value for customers.

In a statement Debian, MandrakeSoft, Red Hat and SuSE said: "While the Linux vulnerability data that is the basis for the report is considered to be sufficiently accurate and useful we are concerned about the correctness of the conclusions made in the report."

The companies said they evaluate each flaw to determine the priority at which a fix for a vulnerability is to be worked. "Our users will know that for critical flaws we can respond within hours.

"This prioritisation means that lower severity issues will often be delayed to let the more important issues get resolved first."

The Linux companies claimed the analyst failed to take this into account when measuring the time between the public knowledge of a security flaw and the availiability of a vendor's fix.

"Not all vulnerabilities have an equal impact on all users," they warned.

"We believe the report does not treat the open source vendors and single closed source vendor in the same way. Open source software is known for its variety and its freedom of choice amongst the standards it defines.

"Multiple implementations of these standards are typically offered for both desktop and server use, which gives users the freedom to select software based on their own criteria rather than those of the vendor."

See also:

The Open Debate

The pros and cons of Windows and Linux in enterprise IT  12 May 2004

Linux/Windows security debate rolls on

No overall winner as analysts ponder pros and cons of both operating systems  23 Apr 2004

Hackers hit university supercomputers

Stanford among academic targets for attack on Linux and Solaris machines  14 Apr 2004

Analyst questions Gates's security claims

Microsoft chief accused of 'different way of counting' over Windows security alerts  05 Apr 2004

Bug exposes Linux users

Linux users warned on kernel vulnerability  11 Mar 2004

IBM and SuSE win key Linux security cert

Certification to further boost uptake in US government departments  22 Jan 2004

Security fears push users to open source

CIOs look seriously at Linux for the desktop as Microsoft's security problems continue  05 Dec 2003

Security fears hit Microsoft sales figures

Software giant's shares fall amid security worries  29 Oct 2003

Microsoft faces up to security obligations

We must inspire customer trust, chief executive tells partners  15 Oct 2003

Like this story? Spread the news by clicking below:

 del.icio.us     Digg this     reddit!