Red Hat rebuts CERT vulnerability figures

The United States Computer Emergency Readiness Team (US-CERT) report "Cyber Security Bulletin 2005," published last week, has been criticized by the open source community. Linux vendor Red Hat said some vulnerabilities had been categorized as Linux/Unix flaws when they are related to programs such as Firefox and Apache, that run on Windows as well. In addition, the information was not uniformly collected; CERT itself said the report included information from outside sources. Security firm Secunia thought that the nature of the vulnerabilities also complicated matters, since Linux/Unix researchers tend to concentrate on vulnerabilities in the less critical area of local privilege separation, while Windows researchers look at possible remote vulnerabilities. Red Hat claimed Linux operating systems were still more secure for businesses than Windows platforms, because patches were issued more quickly and fewer vulnerabilities were critical.

http://news.zdnet.co.uk/0,39020330,39245889,00.htm