By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
In its report, Is Linux More Secure than Windows?, the analyst firm looked at how Microsoft, Debian, MandrakeSoft, Red Hat and SuSE Linux responded to reports of security flaws during a 12-month period.
It gave Microsoft the highest marks for its "responsiveness" and its "thoroughness" in dealing with reported security vulnerabilities.
However, the four Linux distributors claimed the report had "extremely limited real-world value" for users.
Although the data that the analysis is based on is accurate, the conclusions are not, said Vincent Danen, security update manager at MandrakeSoft.
By treating supplier responses to all vulnerabilities as equal, the Forrester report failed to measure the much better record of Linux distributors when dealing with serious flaws, he said.
In a statement issued in response to the study, SuSE Linux said, "Our users will know that for critical flaws we can respond within hours."
By focusing purely on quantitative analyses, the Forrester report failed to differentiate between both the seriousness of the flaws and, more importantly, the quality of the fixes, SuSE said in its statement.
Laura Koetzle, author of the Forrester report, defended the analysis of the data, insisting that all the suppliers studied in the report were measured equally using publicly available and widely accepted vulnerability rating measures from the National Institute of Standards and Technology.