“How are the various Linux distributions doing in terms of
general security? In this article, I make a few observations on the
results of a quasi-statistical analysis of the security fixes
issued by Linux distributions. We will look at response time
and total number of bugs, as well as how often a distribution is
released and how popular it is. A second primary concern is what
software a vendor ships, and how it is configured. The article
is not meant so much as a comparison of the various distributions
as a general industry report. Links to other related articles on
this topic are provided at the end of this page.”
“I have not fully covered Slackware and Debian, with their
ridiculously slow release schedules. Additionally, some vendors,
like Mandrake, who only recently has been publishing useful
security updates, but still has no central ftp site to get updates
from (although there are third-party mirror sites). I will focus on
the major Linux distributions: Red Hat, SuSE, TurboLinux and
Caldera, plus a few others.”
“My examination is divided into three sections. The first and
longest looks at past and present performance on releasing security
fixes; the number of security fixes as compared to general bug
fixes; and how easy it is to find these updates — availability,
keeping customers informed, and so on.”