CERT Stats Under Fire
Linux supporters have roundly criticized a recent report from the United States Computer Emergency Readiness Team (CERT), which reported that during 2005, Linux and Unix combined had 2,328 vulnerabilities, compared with 812 vulnerabilities for Microsoft Windows.
Linux practitioners say the counts are skewed because they count the same vulnerability each time it appeared last year in any given Linux distribution. By doing this, they say, one bug could actually show up in the list dozens of times, depending on the number of Linux variants it appeared in. The CERT stats also appear to include problems with scripting languages such as PHP or even applications that are not part of the core Linux operating system but instead are used with it.
By Johanna Ambrosio at InformationWeek
[ Read more ]