On Tue, 11 Jul 2006, Bob Beck wrote:

> > And I think vulnerabilities disclosed are a much better indicator
> > of the changes to QA/development of products than any hyperbole
> > from those responsible (be it management or developers.)
>
> No, I think vulnerabilities disclosed is simply a measure of how much
> development and deployment is happening on the platform. period.

I think that is rather inaccurate. I know companies like ISS claim on
internal presentations that they do a lot of code auditing for companies
like Microsoft. These audits are never publicly available and may contain
significant numbers you can not see with closed-source products.

The same procedure simply is not available to open-source products which
are developed in a completely different way.

So I think that unless one can get these indoor figures out on the street
there is no way you can compare figures.

Hugo.

--
I hate duplicates. Just reply to the relevant mailinglist.
suppressed http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of magicians,
for they are subtle and quick to anger.