Risk report: Not only numbers count

Posted Feb 27, 2008 22:12 UTC (Wed) by chel (guest, #11544)
In reply to: Risk report: Not only numbers count by proski
Parent article: Risk report: Three years of Red Hat Enterprise Linux 4

I suggest http://www.securityfocus.com/news/8412 for further reading, especially the part
about the race condition bug that blinded the control system, and played a major role in the
NE Blackout.

For me, Open Source design together with bug-finding projects in several places is much more
important than the fixing time of bugs after they have been published. Not every bug is published
before a disaster. For the NE blackout: "About eight weeks after the blackout, the bug was
unmasked as a particularly subtle incarnation of a common programming error."

The best place and time to find and correct bugs is on your desk before damage is visible. OSS
helps to do that.

My problem with this kind of statistics is that it moves the discussion in the direction of
discussions about OSes that fix flaws in virus checkers.


Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds