Comments on: halos and security holism

noise from signal

Last Build Date: Thu, 10 Nov 2011 07:05:56 +0000


By: shaver » high fidelity

Wed, 04 Jan 2006 06:25:34 +0000

[...] After my previous post about Fidelity and Firefox, Rafael pointed me at another article about Fidelity’s adoption of Firefox. A gem from that one, emphasis mine: Recently the center began testing the open-source Firefox browser, an alternative to Microsoft’s dominant Internet Explorer. Charlie Brenner, a Fidelity senior vice president in charge of the center, says the idea came from engineers in his department who were using it at home and liked Firefox’s advanced features, such as the ability to open new browser windows in tabs rather than in a whole separate browser, and its promise of being more secure from hacker attacks than Explorer. [...]

By: shaver

Wed, 04 Jan 2006 05:47:18 +0000

The CERT study listed is a great example of why simply counting vulnerability reports is a risky practice. Not because it would seem to indicate that Linux has more security bugs than does Windows -- it might well, for all I know; I'm not very current on that -- but because it groups software pretty "misleadingly". GNU Emacs and squid run on Windows as well as Linux, and the vast majority of Windows bugs listed seem to be in 3rd-party software that doesn't get distributed with the operating system, and are therefore unlikely to affect the security of a given Windows user.

"Misleading" is in scare-quotes because I don't think it was the intent of the CERT list compilers that the raw count be used to compare the security of different operating systems, even on a single simplistic number line. Shame on them if it was, though.

It's also a great example of how the comment system can savage a raw URL, so I've taken the liberty of fixing it. (I should add a Preview button one of these days, mmmmmm....)

By: Humpty Dumpty

Wed, 04 Jan 2006 05:37:56 +0000

[Ed.: betanews article]