Linux firms refute patch speed claims


Linux firms refute patch speed claims

Daniel Thomas
The four major Linux distributors have dismissed claims by Forrester Research that Microsoft outperforms them on responding to and fixing security flaws.

In its report, Is Linux More Secure than Windows?, the analyst firm looked at how Microsoft, Debian, MandrakeSoft, Red Hat and SuSE Linux responded to reports of security flaws during a 12-month period.

It gave Microsoft the highest marks for its "responsiveness" and its "thoroughness" in dealing with reported security vulnerabilities.

However, the four Linux distributors claimed the report had "extremely limited real-world value" for users.

Although the data that the analysis is based on is accurate, the conclusions are not, said Vincent Danen, security update manager at MandrakeSoft.

By treating supplier responses to all vulnerabilities as equal, the Forrester report failed to measure the much better record of Linux distributors when dealing with serious flaws, he said.

In a statement issued in response to the study, SuSE Linux said, "Our users will know that for critical flaws we can respond within hours."

By focusing purely on quantitative analyses, the Forrester report failed to differentiate between both the seriousness of the flaws and, more importantly, the quality of the fixes, SuSE said in its statement.

Laura Koetzle, author of the Forrester report, defended the analysis of the data, insisting that all the suppliers studied in the report were measured equally using publicly available and widely accepted vulnerability rating measures from the National Institute of Standards and Technology.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy