Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: windows linux final study

From: Joerg Kurz <joe_k () web de>
Date: Tue, 29 Mar 2005 14:53:21 +0200


(...)
Look beyond that and think out loud about the second part of the original paragraph quoted:
per vulnerability for the Windows solution, 69.6 days of risk per vulnerability for the minimal Linux solution and 71.4 days of risk for the default Linux solution.
So now there is a difference in patch cycle between "minimal linux" and "default linux"? Can anyone cite a source for any linux vendor that makes this distinction between install types AND releases patches on a different cycle for them? How far do you have to take word mincing to make this statement true? 


jericho
(...)
Although agreeing with you in most of the other points, I have to add that the difference in the days of risk results most probably from the averaging: 

Example:
patch 1: 50 days
patch 2: 60 days
patch 3: 70 days
full installation contains: all patches = 60 days / patch
minimal installation contains: patch 1 & 2  = 55 days /patch

-jk


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: