[PLUG] Windows versus Linux security
Neil Anuskiewicz
neil at pacifier.com
Mon Jul 22 17:09:51 UTC 2002
On Mon, 22 Jul 2002, Shannon C. Dealy wrote:
> Dollars might make a good metric, but using gross amounts do not, it needs
> to be normalized in some manner, so a much better approach would be
> something like dollars lost per user hour of usage, though even this is
> not without problems, since different types of usage will alter both
> patterns of stability and degree of vulnerability, after all is it a fair
> comparison when one computer is never connected to the net or used for
> email, while another is connected 24/7, and acts as a web server, email
> router, database server and user workstation all at once? Ultimately, I
> think to get a truly fair comparison would require much more fine grained
> metrics such as: cost per million characters of word processing, cost per
> web page hit, cost per database transaction, cost per email received,
> etc.. We all have a pretty good idea of what Microsoft's level of quality
> is, but to have credibility when discussing it, the numbers must be
> honest, or we shouldn't be using them, otherwise we are just as bad as the
> marketing drones who create fictional numbers to try and prove that
> Microsoft products are superior to Linux.
It is all too arbitrary, including the money metric.
There has to be a standardized, easy to measure metric. That is the only
way it will be credible. It must be simple and not subject to much
"interpretation".
Again, as an economic study measuring the economic costs of security
vulnerabilities would be fantastic.
--
Neil Anuskiewicz
More information about the PLUG
mailing list