A story of three kernel vulnerabilities
A security-oriented firm called Trustwave recently sent out a
preview of an upcoming report [PDF] that features some focused criticism of
how the Linux community handles security vulnerabilities. Indeed, it says:
"Software developers vary greatly in their ability to respond and
patch zero-day vulnerabilities. In this study, the Linux platform had the
worst response time, with almost three years on average from initial
vulnerability to patch." Whether or not one is happy with how
security updates work with Linux, three years sounds like a rather longer
response time than most of us normally expect. Your editor decided to
examine the situation by focusing on two vulnerabilities that are said to
be included in the Trustwave report and one that is not.
