This post is dedicated to n00dles, for daring to ask for even more detail ;-) and should be considered as an addendum to Windows vs Linux - Workstation Comparison - Q3 2006. Same caveats apply:
n00dles wondered how the picture looked if you just looked at High Severity, Remotely Exploitable vulnerabilities. Could it be possible that I was omitting an angle that would put Windows in a worse light? (n00dles didn't imply that, but I like the dramatic buildup.) Surely, with all of those optional server components excluded from Linux, many of the vulnerabilities would fall in the category of Locally exploitable? Let's see.
First, let's look at the quarter. Counting only High severity, remotely exploitable vulnerabilities, Windows had 12, Red Hat had 31, and Ubuntu had 14.
Next, let's look at the High, Remote vulnerabilities per day for the year. (Note that Vw doesn't add any value since we're explicitly excluding Medium and Low, so we're just dividing the vuln count by the days in the period.) We need to normalize by days since Ubuntu has only been available since June 1. The figure below charts the High, Remote vulns fixed per day for the three workstation products.
Finally, let's look at one more chart that shows the High, Remote vulns per day for the Lifetime of the products. Obviously, Ubuntu's will be the same as before, but note that Red Hat's rate stays exactly the same as well and Windows XP drops only slightly to 0.10 from 0.11.
There you go, n00dles!