On Tue, Mar 30, 2004 at 05:24:29PM -0600, James Miller wrote: > > Positive press for Debian's security team. > > > > Using numbers from a pair of metrics, Forrester Research's > > recommendation was "businesses that value quick patches look to > > Microsoft and Debian". > > > > Full article at > > http://story.news.yahoo.com/news?tmpl=story&cid=1738&e=2&u=/zd/200 > 40330/tc_zd/123143 > > "Debian had the least number of distribution days of risk for the Linux > vendors but only fixed 96.2 percent of the vulnerabilities." > > I wonder what 3.8% wasn't fixed?
A better question would be how they determined the applicability of the vulnerabilities. This is a non-trivial job even for many individual vulnerabilities, and they claim to have surveyed hundreds. -- - mdz