I don't see where the Linux kernel having a greater volume of vulnerabilities identified/reported busts the "Eyes on the code" "myth" as you suggest. At the worst, this suggests that security analysts and others are more interested in identifying vulnerabilities in released Linux kernel code vs code under testing. I suspect this is just the nature of how they are motivated, and not specific to any OS.
The problem is no one can prove the ratio of undisclosed to disclosed vulnerabilities for any OS or application. If anything more vulnerabilities disclosed would seem to prove "eyes on the code" is working as advertised. Your real criticism should seem to be with the kernel development/release process itself, not with how well eyes on the code works.
IBM Sponsored Resources
Resources from our Sponsor
- Oracle Exadata vs IBM: Netezza Compared
- Forrester TEI Report
- CIA Whitepaper
- Harnessing the Power of Advanced Analytics
- Tapping into Unleashed Business Potential with Advanced Analytics
- Unlock Analytic Performance with Revolution R for Enterprise and IBM: Netezza Data Warehouse Appliance
The best of ZDNet, delivered
ZDNet Newsletters
Get the best of ZDNet delivered straight to your inbox
