What color is the sky in Microsofts world? Green?
In a recent eWEEK story by Peter Galli, Bill Hilf, who is director of Microsofts Platform Technology Strategy and heads its Linux and open-source lab, said that “patching, particularly for security, is not a Microsoft problem, but something that affects all operating system and platform vendors.”
Fair enough. Everyone has security problems, everyone has patches. But claiming, as Hilf does, that Microsofts patching is somehow better than that of the major Linux distributions is complete nonsense.
As Mark Cox, security response team leader at Red Hat, points out in the story, simply measuring the number of patches is meaningless.
“Although we shipped 168 security advisories for RHEL4 in the year, only 17 of the underlying vulnerabilities were of critical severity [using the same scales as Microsoft for vulnerability severity],” Cox told Galli.
Of those 17 critical vulnerabilities, Red Hat made fixes for every one of them available to customers via the Red Hat Network within two days of the vulnerabilities being known to the public, with 87 percent of them being available the first day.
I might add, I cant think of a single security hole for Red Hat or any other Linux distribution in the last year or so that actually meant anything in the real world.
Now, lets consider Microsofts recent record, shall we?