Posted Sep 10, 2008 21:28 UTC (Wed) by man_ls
In reply to: Kernel security, year to date
Parent article: Kernel security, year to date
So true. And with the current rate of changes, any statistics are less than useful: the last development cycle may have produced some 170k new lines and maybe 20 vulnerabilities. That is one CVE per 8k lines of code, i.e. a needle in a haystack.
A really useful study on vulnerabilities would have to contemplate (as our editor suggests) the rate of changes, the rate of introduction and the rate of removal; and compare with other development models. Anything else is just anecdotal evidence.