On Tue, Aug 21, 2012 at 12:36:15AM +0100, Mr IT Guru wrote:
> While the graphs are nice, and provide a visual representation of the time it takes to releasing a patch with regards to a security advisory - what real information do they tell us?


I liked the graphs, the writeup and the overall presentaion and I am impressed by the research done by the O.P.

There is even useful information in his report - for example RHSA-2012:744 (or so) clearly had
something about it that caused trouble for all 3 distributions.

The measurement of the worst delay - 20 days - is also useful. It compares favourably
with other OS distributors, i.e. Apple, where delays for fixing similar bugs seem to be
much longer. (so now I have to do the same report for Linux vs MacOS vs Windows -
delay from CVE to vendor advisory to release of solution. Nah... I go to the beach instead).


-- 
Konstantin Olchanski
Data Acquisition Systems: The Bytes Must Flow!
Email: olchansk-at-triumf-dot-ca
Snail mail: 4004 Wesbrook Mall, TRIUMF, Vancouver, B.C., V6T 2A3, Canada