For the reader to draw their own unbiased conclusions about which operating system and typically associated web server has a better track record, I will refer them to the US National Institute of Standards and Technology (NIST) vulnerability tracking web site, icat.nist.gov, to make their own comparisons of publicly reported security alert bulletins to see which operating systems and web servers have the best track record in the area of fewest serious security bugs and other vulnerabilities. No system has a clean record, but there is a significant difference between the recent history (last 10 years) of open source and proprietary (“closed source”) software.
From a Chief Information Officer/Chief Technology Officer perspective, despite the clear security benefits, formal support for open source software is only available through informal channels in Internet news and discussion groups. However, formal support for closed source, commercial software, especially in light of the increased use of off-shore support that has not approached that of “good ol’ home cooking”, does not always provide a superior benefit. For example, I recently had an experience with a major handheld computer vendor’s off-shore support which involved a problem with the handheld not recognizing an inserted SDIO card. I reported the problem to the vendor via email and grew continually annoyed after three email exchanges. Each reply from the customer support was from a different technician who never responded directly to my questions and comments. Instead their responses read like a text book and did not directly address my problem.
What do you think about the full disclosure of vulnerabilities?
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.