Skepticism called for on all vendor studies

Whenever I see a study I look at who sponsored it.

Take this for example. It's a study from Security Innovation Inc. claiming Linux servers are less secure than those running Windows.

Are you surprised it was sponsored by Microsoft?

I wrote such papers in a previous life and, believe it or not, Microsoft will not let these things go out if they think the conclusions go too far.

But it's so easy to make numbers tell the story you want to hear. Check out the methodology, then ask:

  • Define a security vulnerability. Are they all equal?
  • Define days of risk. This study claims it's the time between public disclosure and an available fix. If I keep a risk to myself is it not a risk?
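
The two questions above, worked as an added example (not code or data from the study, from the author, or from Red Hat): the mean "days of risk" is computed from public disclosure, as the study defines it, and from a private report date, optionally restricted by severity. The products A and B, the dates, the severity labels and the function names are all constructed assumptions.

```python
from datetime import date

# Constructed sample records (not data from the study or from Red Hat):
# (product, severity, reported_privately, disclosed_publicly, fix_available)
VULNS = [
    ("A", "critical", date(2005, 1, 3),  date(2005, 3, 1),  date(2005, 3, 2)),
    ("A", "critical", date(2005, 2, 1),  date(2005, 4, 12), date(2005, 4, 12)),
    ("A", "low",      date(2005, 2, 10), date(2005, 2, 20), date(2005, 3, 2)),
    ("B", "critical", date(2005, 1, 10), date(2005, 1, 12), date(2005, 1, 14)),
    ("B", "low",      date(2005, 1, 20), date(2005, 1, 20), date(2005, 3, 1)),
    ("B", "low",      date(2005, 2, 5),  date(2005, 2, 5),  date(2005, 3, 16)),
]

def days_of_risk(vulns, product, start="disclosed", severities=None):
    """Mean days from the chosen start event to fix availability.

    start="disclosed": the definition the study uses, per the text above.
    start="reported":  also counts time the flaw was known but not public.
    severities:        optional set restricting which flaws are counted.
    """
    spans = []
    for prod, sev, reported, disclosed, fixed in vulns:
        if prod != product or (severities and sev not in severities):
            continue
        begin = disclosed if start == "disclosed" else reported
        spans.append((fixed - begin).days)
    return sum(spans) / len(spans) if spans else None

def compare(vulns, **kwargs):
    """Return (product with the lower mean, all means) under one definition."""
    scores = {p: days_of_risk(vulns, p, **kwargs) for p in ("A", "B")}
    return min(scores, key=scores.get), scores

if __name__ == "__main__":
    for start in ("disclosed", "reported"):
        for sevs in (None, {"critical"}):
            winner, scores = compare(VULNS, start=start, severities=sevs)
            label = "all" if sevs is None else "critical only"
            print(f"start={start:9} severities={label:13} "
                  f"A={scores['A']:.1f} B={scores['B']:.1f} lower={winner}")
```

On this constructed data the same six records favour product A when the clock starts at public disclosure and product B when it starts at the private report.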

Mark Cox of Red Hat is offering his own data sets and scripts to let you test the Sisecure conclusions against your own systems.

So, is this FUD, or is this factual? What's the security record at your shop? Let us know in TalkBack.
