Number of patches != relative security

November 30, 2006 | opensource, commentary

The argument, as made in a recent Slashdot post, that the number of patches released is indicative of the security of a system is annoying and just plain wrong. Vulnerability is a function of the number of remotely exploitable bugs, the rate at which the exploits spread, and the time between when they begin to be exploited and when the flaw is patched. To my knowledge, there have been few, if any, remotely exploitable bugs in Linux or OS X that have propagated fast enough to cause any form of disruption. One could argue that this is due to Linux and OS X combined comprising less than 10% of the desktop market, but that argument doesn’t hold up to the fact that they have the majority of the server market.

Either way, the number of patches released could mean many things, one of which is not the relative security.



avatar of Brandon Keepers I am Brandon Keepers, and I work at GitHub on making Open Source more approachable, effective, and ubiquitous. I tend to think like an engineer, work like an artist, dream like an astronaut, love like a human, and sleep like a baby.