Network Security Focus-Linux

Re: Red Hat vs Debian Linux: overall security

Subject: Re: Red Hat vs Debian Linux: overall security
Date: Thu, 30 Nov 2006 11:19:14 +1100
A quick trawl through my AUSCERT advisories from 05/05 - present day shows the following results on subject searches:

Debian: 473
DSA (Debian Security Advisories): 180
Redhat: 147

I went to the Open Source Symposium recently (thanks for the psp!) which was sponsored by Red Hat. They provided some interesting statistics regarding security issues, make of them what you will, but I found them quite interesting. Anyways here's a few of them:

70% of all attacks are now targeted at applications, not operating systems

41.7% of reported CVE vulns are stopped by ExecShield

Time taken to fix critical flaws from the time it's available to the public till the time it's fixed:

0 day - 73%
1 day - 95%
2 day - 100%

I don't have a great deal of exposure to Debian, however I doubt that either distro is inherently more insecure than the other.

--jason

PS. I'm in no way affiliated or associated with RedHat, merely an end user.


tjanas@austin.rr.com wrote:
I am evaluating the overall security of Red Hat Linux vs Debian. I've been told that Debian has many more vulnerabilities than Red Hat. I've also been told that Red Hat is quicker to release security patches than Debian is for the "stable" release. Can someone point me to a good overall assessment of the two? Using this tool: www.securityfocus.com/bid I see that Debian has 17 pages worth of issues but Red Hat has surprisingly few. Am I misinterpreting the results from this tool?


