* Report suggests Linux vendors take longer to produce patches than Microsoft

A recent study comparing Windows and Linux vulnerabilities showed that Microsoft is quicker at responding to problems in its software, while many of the leading Linux distributions lag in reaction time.

The study, conducted by Forrester Research of Cambridge, Mass., compared Microsoft Windows products with Linux operating systems from Debian, Mandrake, Red Hat and SuSE. The research firm looked at security-related bugs and the subsequent patches that were released between 2002 and 2003.

These “days at risk,” as Forrester put it, account for the time from the discovery of a security bug to the issuing of a patch. Forrester also looked at the gravity of reported software security flaws, as characterized by such organizations as the National Institute of Standards and Technology’s ICAT project for classifying the severity of computer-related vulnerabilities.

What came out of the research was that Microsoft was the quickest to release fixes for its security flaws, taking an average of 25 days between the reporting and patch release. After Microsoft, Red Hat and Debian both took twice as long to get patches out – 57 days. SuSE took 74 days to fix its flaws, and Mandrake took 82 days.

Shortly after the report was released, the four Linux companies involved issued a statement critical of Forrester’s methodology. The companies said that Forrester’s data is not representative of Linux’s overall “safeness” because it averages in the severity of all vulnerabilities when determining its “days at risk” ranking. Severe problems were fixed in very short turn-around times, they claim, while minor problems were addressed over a longer period.

Forrester last year drew some heat from the Linux community when it published an ROI study on Linux showing that there was little cost savings involved in migrating from Windows to Linux.
The heat was turned up when it was reported that Microsoft had co-sponsored the research. This time around, no vendor sponsored the Linux/Windows research and Forrester allowed Linux vendors to view its data before publishing.

Next issue: More Linux research controversy.