After examining security vulnerability data over the last year, Forrester Research has determined that both Windows and Linux can be deployed securely, but vendors need to ensure they address several criteria to make this process easier.
Forrester collected and analyzed data on security vulnerabilities in Windows and in the four most widely-used Linux systems: Debian, MandrakeSoft, Red Hat and SUSE. In its report, "Is Linux More Secure Than Windows," the research firm said it is critical for vendors to be more responsive in providing patches to vulnerabilities, reduce the number of more highly severe holes, and be more thorough in offering fixes for all publicly disclosed vulnerabilities.
Bearing these requirements in mind, Forrester found that Red Hat Linux had the lowest percentage of highly severe vulnerabilities, while Microsoft placed first in responding to flaws by turning around fixes for publicly disclosed holes in 25 days. Among the Linux players, Debian's developer federation was tops in responsiveness among other Linux distributors, averaging only 32 days between the first fix for a given vulnerability from any source and Debian's own fix.
In regard to thoroughness, Microsoft fixed 100 percent of its vulnerabilities. RedHat patched 99.6 percent (all but one) and Mandrake, 99 percent (all but two).
The report also looks at platform security's future and how the likes of scheduled security update processes, responsible disclosure and more, will affect it.