oss-sec mailing list archives
Re: Estimate for the total number of exploitable bugs in large linux distro?
From: Santiago Torres <torresariass () gmail com>
Date: Fri, 14 Jul 2017 11:05:39 -0400
On Fri, Jul 14, 2017 at 12:34:01PM +0300, Georgi Guninski wrote:
What is an estimate for the total number of exploitable bugs in large linux distro?
You may want to look at[1] for the case of ArchLinux. Do consider the caveat brought up by other people on the list: CVE numbers are not a 1:1 mapping to bugs (or even exploitable bugs). For example, there are vendors that group all bugs discovered in a period (or with a conceputal similarity) under one CVE number, whereas others take mutliple variations of a bug and request an individual CVE for each. Needless to say, some bugs never get a CVE ;).
Also, does the total number decrease, increase or change in other way over time?
You could use the json api[2] on [1] to get a rolling count if you'd like to measure this (also pasted on [3]]):
import json, requests response = requests.get("https://security.archlinux.org/vulnerable/json") data = json.loads(response.content) len(data)
34 Cheers! -Santiago. [1] https://security.archlinux.org/vulnerable [2] https://security.archlinux.org/vulnerable/json [3] https://bpaste.net/show/faa58aab9b1e
Attachment:
signature.asc
Description:
Current thread:
- Estimate for the total number of exploitable bugs in large linux distro? Georgi Guninski (Jul 14)
- Re: Estimate for the total number of exploitable bugs in large linux distro? Greg KH (Jul 14)
- Re: Estimate for the total number of exploitable bugs in large linux distro? Steven Miano (Jul 14)
- Re: Estimate for the total number of exploitable bugs in large linux distro? Alan Coopersmith (Jul 14)
- Re: Estimate for the total number of exploitable bugs in large linux distro? Hanno Böck (Jul 14)
- Re: Estimate for the total number of exploitable bugs in large linux distro? Steve Grubb (Jul 14)
- Re: Estimate for the total number of exploitable bugs in large linux distro? Santiago Torres (Jul 14)
- Re: Estimate for the total number of exploitable bugs in large linux distro? Kurt Seifried (Jul 14)
- Re: Estimate for the total number of exploitable bugs in large linux distro? Javantea (Jul 14)
- Re: Estimate for the total number of exploitable bugs in large linux distro? Kristian Fiskerstrand (Jul 14)