Does anyone know of any good comparison between OSs? I imagine the number of known vulnerabilities ar a function of the OSs age, installed services, etc. Controlling for those variables might be difficult. A few weeks ago I compared the "high" severity vunerabilities ICAT reported for Windows NT/2000, Red Hat 7, Solaris 8, and Open BSD 8 -- all the OS's scored about 14 to 15 except Open BSD, which was 8. I know that the scoring is far from scientific for many reasons. On the other hand, I also scored IIS and Apache...'nuff said.

With that said, is there any good, comprehensive, publicly available metric for software quality, particularly as it pertains to security issues?

---------- Original Message ----------------------------------
From: Paul Heinlein <heinleinmeasurecast.com>
Date: Mon, 24 Sep 2001 08:20:00 -0700 (PDT)

>> http://www.techrepublic.com/article.jhtml?id=r00220010917mco01.htm
>
>This is trolling for hits. A typical Linux distribution includes all
>sorts of server software not included with Windows -- SMTP, POP, IMAP,
>news, LDAP, web cacheing/proxy, RDBMS -- plus loads of clients. The

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]