cron to Cybersecurity - Memes@lemmy.world · 4 months agoWe're probably not the only ones running outdated softwareimagemessage-square45fedilinkarrow-up1388arrow-down16file-text
arrow-up1382arrow-down1imageWe're probably not the only ones running outdated softwarecron to Cybersecurity - Memes@lemmy.world · 4 months agomessage-square45fedilinkfile-text
minus-squareben_dover@lemmy.mllinkfedilinkarrow-up5·edit-24 months agoyes and no. if you look at the number of reported CVEs, debian takes the crown of all operating systems. still feeling more secure on linux than any closed source system
minus-squareOhNoMoreLemmy@lemmy.mllinkfedilinkarrow-up3·4 months agoYeah, that’s because there’s an entire cottage industry of people scraping old bug reports, and linter errors to create CVEs they can sell to customers worrying about security. It creates a huge number of false positives. E.g. see https://daniel.haxx.se/blog/2023/08/26/cve-2020-19909-is-everything-that-is-wrong-with-cves/ I think any measure that is looking at a raw count is going to be meaningless. Particularly, comparing raw counts between open and closed software.
yes and no. if you look at the number of reported CVEs, debian takes the crown of all operating systems. still feeling more secure on linux than any closed source system
Yeah, that’s because there’s an entire cottage industry of people scraping old bug reports, and linter errors to create CVEs they can sell to customers worrying about security. It creates a huge number of false positives. E.g. see https://daniel.haxx.se/blog/2023/08/26/cve-2020-19909-is-everything-that-is-wrong-with-cves/
I think any measure that is looking at a raw count is going to be meaningless. Particularly, comparing raw counts between open and closed software.