You know, Jon, the more I think about it the more it bothers me that you intimated that PaXTeam and company may be acting out of self-interest. The reason it bothers me is that the shoe fits better on the other foot. Granted that PaXTeam and company might have a certain amount of incentive to play up Linux security vulnerabilities, in order to increase their reputations as security researchers, but Linux core devs have an even greater incentive to play down security vulnerabilities in order to protect their reputations as kernel hackers. Likewise, companies which rely on Linux as part of their revenue stream have a very strong incentive to play down, hide, or obscure Linux's security problems.

I like to assume that everyone involved is honest and of goodwill. This is a good starting point. However, we have to admit that people are influenced by psychological motivations other than their sheer desire to contribute to the greater good. If you are writing up the release notes for the latest Linux kernel, it might sting your pride a little bit to write something like "The following seventeen remote root exploits have been fixed since the previous release." (For example, the way the OpenBSD folks post prominently, at the top of their home page, the count of how many remote exploits they've shipped. -- http://openbsd.org .) If you are selling Linux to customers, then it might sting your revenue stream. But by the same token, it might be good for you to force yourself to write that down and show it to your users or customers.
Copyright © 2017, Eklektix, Inc.