Bugtraq mailing list archives
Re: LAMP vs Microsoft
From: Bob Beck <beck () bofh cns ualberta ca>
Date: Mon, 10 Jul 2006 11:50:54 -0600
If the number of vulnerabilities is graphed over time, is either heading down or both heading up or...? - I'm not asking for a "who's better", I just want to know if anyone has a good set of numbers and if they're graphed for easy comparison. p.s. LAMP = Linux/Apache/MySQL/PHP
Yes, but what are you hoping to prove with those numbers. I think all you're demonstrating is what things get more attention, likely due to their popularity, so they make a more interesting target. I.E. just because you don't find hardly any vulnerabilities for web apps deployed using ANFC (ANFC == AIX, NetCat, Flat Files, and C (please sir can I have another..)[1]) doens't mean those that are aren't rife with them. It's like all the people running around running OSX thinking how secure it is because there aren't many published vulnerabilities. Don't get me wrong, I actually do believe security through obscurity works (OSX is living proof). but I don't think the numbers you are suggesting will mean much. Just from what I've "seen" I'd guess they were comparable. What does that mean? well, pretty much web applications under Windows or LAMP appear use the same development model for much of their code - first to market with coolest features the fastest. Quality is an afterthought to be dealt with in patches or future releases, which means security is a further afterthought. Do I like running either? No. The graph numbers end up just being nutritionless fodder for trolls and management. -Bob [1] Yes, I have seen an ANFC used for real [2] [2] Yes, it had a hole.
Current thread:
- LAMP vs Microsoft Darren Reed (Jul 10)
- Re: LAMP vs Microsoft Jarrod Frates (Jul 10)
- Re: LAMP vs Microsoft Bob Beck (Jul 10)
- Re: LAMP vs Microsoft Darren Reed (Jul 15)
- Re: LAMP vs Microsoft Bob Beck (Jul 15)
- Re: LAMP vs Microsoft Darren Reed (Jul 15)
- Re: LAMP vs Microsoft Bob Beck (Jul 15)
- Re: LAMP vs Microsoft Bob Beck (Jul 18)
- Re: LAMP vs Microsoft Darren Reed (Jul 22)
- Re: LAMP vs Microsoft Darren Reed (Jul 15)
- Re: LAMP vs Microsoft George Capehart (Jul 18)
- Re: LAMP vs Microsoft Darren Reed (Jul 18)
- Re: LAMP vs Microsoft Hugo van der Kooij (Jul 18)