|
| ▲ | akerl_ 6 hours ago | parent | next [-] |
| Well, except OpenBSD. They’ve only had two vulns in forever. |
| |
| ▲ | cperciva 4 hours ago | parent | next [-] | | Only two remote code execution vulnerabilities in the default configuration. But that's not the only type of security bug. | | |
| ▲ | akerl_ an hour ago | parent | next [-] | | As `tptacek caught on to, I was joking since OpenBSD's published claim is such a convenient comparison to the idea upthread that Linux specifically had a poor track record. | |
| ▲ | tptacek 4 hours ago | parent | prev [-] | | They're trolling me. :) |
| |
| ▲ | tptacek 6 hours ago | parent | prev [-] | | You mean "in the default install, in a heck of a long time". :) |
|
|
| ▲ | IshKebab 2 hours ago | parent | prev [-] |
| 1. That's bollocks. Obvious bullshit. All software doesn't have the same security track record. Do you also think sendmail and seL4 have an equally poor security track record? 2. Even if everything did have an equally poor security track record, why would that mean security bugs are no more significant than any other bug? Honestly I'm dubious you've thought about this at all. |
| |
| ▲ | tptacek an hour ago | parent | next [-] | | I didn't say "all software has the same security track record". seL4 has a much better track record than Sendmail by dint of not doing very much. I'm pretty comfortable with what people do and don't think about how much thinking I've done on this topic. Done much work with L4? | |
| ▲ | akerl_ an hour ago | parent | prev [-] | | Without even wading into trying to rank projects by track record, it's worth noting that "Everything has a poor security track record" and "All software doesn't have the same security track record" are not contradictory statements. |
|
