Federation DE Sun 04.08.2024 11:54:46 Statistics that compare open-source with closed-source software in terms of security can be manipulated at will by the vendor of the closed-source software. Here, even more than elsewhere: trust only the statistics you have falsified yourself!
Federation DE Sun 04.08.2024 12:17:14 @christian @j_r @willyneuhaus Here is a valid comment from Reddit: "For Linux, every CVE is a public CVE. Sometimes core devs are alerted first, and a CVE is not published until a patch is in place, but no matter what, a CVE is made. For Windows only publicly disclosed problems, or ones deemed worth disclosing by MS get CVEs. This means internally discovered CVEs, or ones that MS is discreetly informed of never get a CVE." https://www.reddit.com/r/linux/comments/11tfupm/ms_poweruser_claim_windows_10_has_fewer/
Federation DE Sun 04.08.2024 12:29:55 @marzlberger That reminds me of the complaint that security researchers are CVE-spamming Linux: https://news.risky.biz/risky-biz-news-the-linux-cna-mess/ EDIT: and that the Linux CNA doesn’t make that better, but rather churns out CVEs. Sadly I can’t find the article anymore which described that having found CVEs can be important for payment of security researchers, so the flaw goes deeper than just Linux. It rather points to a problem of performance metrics: https://www.draketo.de/english/science/quality-assurance