[PLUG] Windows versus Linux security

Neil Anuskiewicz neil at pacifier.com
Mon Jul 22 01:48:51 UTC 2002


On Sun, 21 Jul 2002, Carla Schroder wrote:

> Oh, I don't think it's that complicated. Total dollars tell the story quite 
> accurately. For example, how much money did Nimda cost? How much money has 
> any Linux, Unix, or BSD virus cost? That's the bottom line- how much has a 
> particular vulnerability cost the users? If you really want to go nuts, 
> calculate how much it cost the economy in lost productivity, sales, 
> additional labor, diverted resources, etc. But simply calculating actual 
> direct damages isn't that difficult, and certainly tells a compelling story.

As an economic study it would be fantastic but it would take a fair bit of 
research resources. As a day-to-day reporting of security vulnerabilities 
I am not so sure it would be practical.

As an economic study it would be fascinating to know what those numbers 
are and how they influence the TCO numbers. Truly fascinating it would 
be.


> Then compare how catastrophic individual vulnerabilities are, as Ed was 
> saying. What happens when, say, a new vulnerability is discovered in Apache, 
> and it is actually exploited? Certainly nothing like Code Red or Nimda. I 
> can't recall anything in the past few years that even came close. 

You are absolutely right on that.


-- 
Neil Anuskiewicz




