/>
X
Innovation

Skepticism called for on all vendor studies

Whenever I see a study I look at who sponsored it. Take this for example.
Written by Dana Blankenhorn, Inactive on

Whenever I see a study I look at who sponsored it.

Take this for example. It's a study from Security Innovation Inc.claiming Linux servers are less secure than those running Windows.

Are you surprised it was sponsored by Microsoft?

I wrote such papers in a previous life and believe it or not Microsoft will not let these things go out if they think the conclusions go too far.

But it's so easy to make numbers tell the story you want to hear. Check out the methodology, then ask:

  • Define a security vulnerability. Are they all equal?
  • Define days of risk. This study claims it's the time between public disclosure and an available fix. If I keep a risk to myself is it not a risk?

Mark Cox of RedHat is offering his own data sets and scripts to let you test the Sisecure conclusions against your own systems.

So, is this FUD, or is this factual? What's the security record at your shop? Let us know in TalkBack.

Editorial standards

Related

The 16 best Cyber Monday deals under $30 still available
Amazon Fire TV Stick 4K

The 16 best Cyber Monday deals under $30 still available

Apple names the 16 best apps and games of 2022, with BeReal taking top honors
App Store icon

Apple names the 16 best apps and games of 2022, with BeReal taking top honors

Don't miss the 98 best Cyber Monday deals still available now
Large white Cyber Monday text with electronics behind it

Don't miss the 98 best Cyber Monday deals still available now