Subject: | |
From: | |
Reply To: | |
Date: | Tue, 21 Aug 2012 09:39:41 -0700 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
On Tue, Aug 21, 2012 at 12:36:15AM +0100, Mr IT Guru wrote:
> While the graphs are nice, and provide a visual representation of the time it takes to releasing a patch with regards to a security advisory - what real information do they tell us?
I liked the graphs, the writeup and the overall presentaion and I am impressed by the research done by the O.P.
There is even useful information in his report - for example RHSA-2012:744 (or so) clearly had
something about it that caused trouble for all 3 distributions.
The measurement of the worst delay - 20 days - is also useful. It compares favourably
with other OS distributors, i.e. Apple, where delays for fixing similar bugs seem to be
much longer. (so now I have to do the same report for Linux vs MacOS vs Windows -
delay from CVE to vendor advisory to release of solution. Nah... I go to the beach instead).
--
Konstantin Olchanski
Data Acquisition Systems: The Bytes Must Flow!
Email: olchansk-at-triumf-dot-ca
Snail mail: 4004 Wesbrook Mall, TRIUMF, Vancouver, B.C., V6T 2A3, Canada
|
|
|