Security Portal: Linux Distribution Security Report
Jul 24, 2000, 23:03
(Other stories by Kurt Seifried)
"How are the various Linux distributions doing in terms of general security? In this article, I make a few observations on the results of a quasi-statistical analysis of the security fixes issued by Linux distributions. We will look at response time and total number of bugs, as well as how often a distribution is released and how popular it is. A second primary concern is what software a vendor ships, and how it is configured. The article is not meant so much as a comparison of the various distributions as a general industry report. Links to other related articles on this topic are provided at the end of this page."
"I have not fully covered Slackware and Debian, with their ridiculously slow release schedules. Additionally, some vendors, like Mandrake, who only recently has been publishing useful security updates, but still has no central ftp site to get updates from (although there are third party mirror sites). I will focus on the major Linux distributions: Red Hat, SuSE, TurboLinux and Caldera, plus a few others."
"My examination is divided into three sections. The first and longest looks at past and present performance on releasing security fixes; the number of security fixes as compared to general bug fixes; and how easy it is to find these updates -- availability, keeping customers informed, and so on."