Full Disclosure mailing list archives

RE: OSS means slower patches


From: "Lauro, John" <jlauro () umflint edu>
Date: Mon, 19 Sep 2005 09:21:05 -0400

Might be, if I could believe the stats...  The problem is that the stats
are messed up.   It claims only 8 critical flaws in IE this year, and
a low average time for fixing the flaws.  That number may be correct
in terms of critical flaws, but some of the critical flaws in IE were
found last year (and only recently fixed); it's just that many flaws
are not publicly acknowledged by Microsoft until a patch is
available...  Because of the openness of OSS, it might be that the
time between wide-spread public awareness of a hole and patch
availability is larger, but that does not mean slower patches in
terms of the actual vulnerability, as the data reported for IE was
clearly flawed.  Or maybe the study (to make IE look good) tossed out
vulnerabilities found last year but only fixed this year???  To
really determine the difference, you must track back to the
oldest version of the software that could be exploited, instead of
to when it was "publicly" acknowledged...


-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Ivan .
Sent: Monday, September 19, 2005 8:03 AM
To: full-disclosure () lists grok org uk
Subject: [Full-disclosure] OSS means slower patches

An interesting perspective?


http://australianit.news.com.au/articles/0,7204,16650762%5E15306%5E%5Enbv%5E,00.html

Symantec Australia managing director David Sykes said the increasing
popularity of open source software, such as the Mozilla Foundation's
Firefox browser, could be part of the reason for the increase in the
gap between vulnerability and patch, with the open source development
model itself part of the problem. "It is relying on the goodwill and
best efforts of many people, and that doesn't have the same commercial
imperative," he said. "I'm sure that is part of what is causing the
blow-out in the patch window."
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
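The measurement point the reply argues about can be made concrete. The following is an added example, not code from the thread or from the cited study: it computes a mean "patch window" over a constructed set of flaw records (the dates and ids are made up) under three definitions, anchored at public acknowledgement, anchored at the date the vendor first learned of the flaw, and with or without the "found last year" records filtered out.

```python
from datetime import date
from statistics import mean

# Constructed sample records (not real advisories): for each flaw, the date
# the vendor first learned of it, the date it was publicly acknowledged, and
# the patch date. Flaws A and B were reported in 2004 but acknowledged only on
# the day their 2005 patch shipped, the pattern the reply describes.
SAMPLE_FLAWS = [
    {"id": "A", "reported": date(2004, 10, 4), "acknowledged": date(2005, 3, 1), "patched": date(2005, 3, 1)},
    {"id": "B", "reported": date(2004, 12, 13), "acknowledged": date(2005, 4, 12), "patched": date(2005, 4, 12)},
    {"id": "C", "reported": date(2005, 5, 2), "acknowledged": date(2005, 5, 2), "patched": date(2005, 5, 23)},
    {"id": "D", "reported": date(2005, 6, 20), "acknowledged": date(2005, 7, 1), "patched": date(2005, 7, 12)},
]


def patch_window_days(flaw, anchor):
    """Days from the chosen start event ('reported' or 'acknowledged') to the patch."""
    return (flaw["patched"] - flaw[anchor]).days


def mean_patch_window(flaws, anchor, year=None):
    """Mean patch window in days.

    If `year` is given, only flaws whose anchor event falls in that year are
    counted. With the 'acknowledged' anchor that silently drops nothing here,
    because vendor acknowledgement coincides with the patch; with the
    'reported' anchor it drops the old flaws the reply suspects were tossed out.
    """
    selected = [f for f in flaws if year is None or f[anchor].year == year]
    if not selected:
        return None
    return mean(patch_window_days(f, anchor) for f in selected)


def compare_anchors(flaws, year):
    """Return the same data set summarised three ways for the given year."""
    return {
        "acknowledged_in_year": mean_patch_window(flaws, "acknowledged", year),
        "reported_in_year": mean_patch_window(flaws, "reported", year),
        "reported_all": mean_patch_window(flaws, "reported"),
    }


if __name__ == "__main__":
    for name, days in compare_anchors(SAMPLE_FLAWS, 2005).items():
        print(f"{name:>22}: {days:.2f} days")
```

On the constructed data the acknowledgement-anchored figure is 8 days, the report-anchored figure restricted to 2005 is 21.5 days, and the report-anchored figure over all records is 77.75 days, so the choice of anchor and of year filter changes the headline number by an order of magnitude.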

