Slashdot Mirror

← Back to Stories (view on slashdot.org)

5,198 Software Flaws Found in 2005

Posted by Zonk on from the better-to-find-them-than-not dept.

An anonymous reader writes "Security researchers uncovered nearly 5,200 software vulnerabilities in 2005, almost 40 percent more than the number discovered in 2004, according to Washingtonpost.com. From the article: 'According to US-CERT...researchers found 812 flaws in the Windows operating system, 2,328 problems in various versions of the Unix/Linux operating systems (Mac included). An additional 2,058 flaws affected multiple operating systems.'"

3 of 257 comments (clear)

  1. Axe Grinding by alanw · · Score: 5, Informative
    Brian Krebs is clearly either extremely stupid, or has an axe to grind. If you look at the Cert Cyber Security Bulletin 2005 Summary, you can see that many of the lines in it end in "(Updated)" A simple count of lines gives the results that Brian quotes, however there are far more "(Updated)" entries in the Unix/ Linux Operating Systems section. Removing these lines gives the following results:
    including excluding
    "(Updated)" "(Updated)"
    Windows 813 671
    U/L 2328 891
    Multiple 2057 1512

    (sorry about the spacing - can't find any way of doing it)

    greatly reducing the proportion of Unix/Linux vulnerabilities

    1. Re:Axe Grinding by jc42 · · Score: 4, Informative

      Hey, you missed the even bigger method of increasing the unix/linux score: counting each distro separately.

      Thus, if you go to distrowatch.com, you find 100 distros for linux alone. So for most actual kernel bugs, you can count each one at least 100 times. And for apps that run on all unix releases, the multiplier can be a lot higher.

      Of course, there are several distros of Windows, too. But not nearly as many, and the people adding up the bug counts somehow always seem to miss this trick with Windows.

      Anyone else got a favorite way of producing misleading bug scores?

      --
      Those who do study history are doomed to stand helplessly by while everyone else repeats it.
  2. These numbers are meaningless. by master_p · · Score: 4, Informative

    Ok, I've made a 'hello world' program in C++...I had 0 bugs in it, do I win?

    Seriously now, these numbers are useless without mentioning lines of code and programming languages. Suse Linux 9.3, for example, has over 7,000 RPMs, which is an enormous amount of software.

    Absolute bug numbers are meaningless.