[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] windows linux final study

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] windows linux final study
From: Joerg Kurz <joe_k@xxxxxx>
Date: Tue, 29 Mar 2005 14:53:21 +0200

(...) Look beyond that and think out loud about the second part of the original paragraph quoted:

per vulnerability for the Windows solution, 69.6 days of risk per vulnerability for the minimal Linux solution and 71.4 days of risk for the default Linux solution.

So now there is a difference in patch cycle between "minimal linux" and "default linux"? Can anyone cite a source for any linux vendor that makes this distinction between install types AND releases patches on a different cycle for them? How far do you have to take word mincing to make this statement true?

jericho (...)

Although agreeing with you in most of the other points, I have to add that the difference in the days of risk results most probably from the averaging:

Example:
patch 1: 50 days
patch 2: 60 days
patch 3: 70 days
full installation contains: all patches = 60 days / patch
minimal installation contains: patch 1 & 2  = 55 days /patch

-jk


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- RE: [Full-disclosure] windows linux final study
  - From: ChrisDay
- RE: [Full-disclosure] windows linux final study
  - From: security curmudgeon

Prev by Date: Re: [Full-disclosure] Hacked: Who Else Is Using Your Computer?
Next by Date: Re: RES: [Full-disclosure] CISSP Test
Previous by thread: Re: [Full-disclosure] windows linux final study
Next by thread: Re: [Full-disclosure] windows linux final study
Index(es):
- Date
- Thread