On Thu, Nov 26, 2009 at 2:10 PM, rhubbell <[email protected]> wrote:
> On Fri, 20 Nov 2009 08:22:45 -0500
> Brad Tilley wrote:
>
>> On Thu, Nov 19, 2009 at 10:06 PM, rhubbell <[email protected]> wrote:
>>
>> > It's naive to point elsewhere and say "see, they're not secure".
>>
>> Other similar systems are not as secure and that has been objectively
>> demonstrated. Here's one example. See the chart at the top of page
>
> Ok, since you say it's objective it must be.

It's as objective as you'll find. OpenSolaris is based on Solaris which is Sun's OS (Sun sponsored the research) and they treated OpenSolaris just like the others. One concern was the amount of change compared to the amount of bugs. From the paper, "... The Linux kernel has been checked with the Coverity Prevent tool in multiple years. It was surprising to us to find that many bugs in code we thought to be clean, however, the churn rate in the Linux community is higher than that in the other two communities."

Rate of change is crucial. I just saw this quote from Greg Kroah-Hartman in an interview at http://howsoftwareisbuilt.com: "Well, just to touch back on that rate of change that I mentioned before, I just looked it up, and we add 11,000 lines, remove 5500 lines, and modify 2200 lines every single day [to the Linux kernel]."

Systems with that amount of change are more prone to failure. I would not want to fly on an airplane that got a new, different engine bolted on every week. I think that's the point of the comparisons. Nothing against other systems, they are fine for certain things and thank goodness for companies such as RedHat that tame that change into something manageable.

Brad

