Home page logo

bugtraq logo Bugtraq mailing list archives

Re: LAMP vs Microsoft
From: Bob Beck <beck () bofh cns ualberta ca>
Date: Tue, 11 Jul 2006 09:16:33 -0600

And I think vulnerabilities disclosed are a much better indicator
of the changes to QA/development of products than any hyperbole
from those responsible (be it management or developers.)

        No, I think vulnerabilities disclosed is simply a measure of how much
development and deployment is happening on the platform. period. 

I fully expect that both the Microsoft and Linux based platforms to
continue to be the most popular for web deployments and thus the most
interesting for hackers to target and vulnerabilities to be found.

What would concern me more here is if one platform was on the up
whilst the other was on the down.

        This will always be the case as one platform changes in popularity
for deployments relative to another. 

        The simple fact is most of the MS/PHP/JAVA web development will be
being done by code monkeys, fresh out of school.. I'm pretty certain
they will "inbug" the same average number of bugs per line of code
they write no matter what platform it is. Development is often
outsourced to an external coding haus, written to a spec, without
complete info about what the whole final application is going to do.
Frequently they don't even reuse "mature" code from past releases
because you don't want to release it to the external people, or you're
too busy chasing platform-du-jour (Want a great example of this? I'm
betting Sun One, going from version 5 to version 6 is a good one)



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]