Linux or Windows: Which is more vulnerable?

Share this article:

After examining security vulnerability data over the last year, Forrester Research has determined that both Windows and Linux can be deployed securely, but vendors need to ensure they address several criteria to make this process easier.

Forrester collected and analyzed data on security vulnerabilities in Windows and in the four most widely-used Linux systems: Debian, MandrakeSoft, Red Hat and SUSE. In its report, "Is Linux More Secure Than Windows," the research firm said it is critical for vendors to be more responsive in providing patches to vulnerabilities, reduce the number of more highly severe holes, and be more thorough in offering fixes for all publicly disclosed vulnerabilities.

Bearing these requirements in mind, Forrester found that Red Hat Linux had the lowest percentage of highly severe vulnerabilities, while Microsoft placed first in responding to flaws by turning around fixes for publicly disclosed holes in 25 days. Among the Linux players, Debian's developer federation was tops in responsiveness among other Linux distributors, averaging only 32 days between the first fix for a given vulnerability from any source and Debian's own fix.

In regard to thoroughness, Microsoft fixed 100 percent of its vulnerabilities. RedHat patched 99.6 percent (all but one) and Mandrake, 99 percent (all but two).

The report also looks at platform security's future and how the likes of scheduled security update processes, responsible disclosure and more, will affect it.

www.forrester.com   

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

ISSA tackles workforce gap with career lifecycle program

ISSA tackles workforce gap with career lifecycle program ...

On Thursday, the group launched its Cybersecurity Career Lifecycle (CSCL) program.

Amplification DDoS attacks most popular, according to Symantec

Amplification DDoS attacks most popular, according to Symantec

The company noted in a whitepaper released on Tuesday that Domain Name Server amplification attacks have increased 183 percent between January and August.

Court shutters NY co. selling security software with "no value"

A federal court shut down Pairsys at the request of the Federal Trade Commission.