Jan 26, 2003 (07:01 PM EST)
Langa Letter: Linux Has Bugs: Get Over It

Read the Original Article at InformationWeek

I made a private bet with myself when I ran an item in my newsletter called "Linux Hacks On The Rise". It cited a study of software problems reported by CERT--the Computer Emergency Response Team that impartially tracks computing security threats. (CERT is part of a federally funded research and development center at Carnegie Mellon University in Pittsburgh.)

Among other things, the article said: "...more than 50% of all [CERT] security advisories ... in the first 10 months of 2002 were for Linux and other open-source software solutions."

My only point in bringing up this issue was to show that no operating system is immune to bugs and security issues: As Linux grows in popularity, it will have its own full share of problems.

It's hard to imagine a less inflammatory or more obvious assertion--that all operating systems have bugs and security issues--but I won my bet: Linux and open-source fans thought I was attacking them or their preferred operating system. They deluged me with E-mails, many irate, claiming that CERT (and I) were dead wrong.

The two most common arguments against the report were:

1) There really aren't that many Linux/open source bugs, especially compared with, say, Microsoft Windows. Many readers argued further that CERT erred by counting the same bugs multiple times in different distributions and versions of Linux or other open-source software; these repeated bugs should have been counted as one meta-bug.

2) Open source bugs, when they do occur, aren't that big a deal anyway because they can be fixed far faster than Windows bugs.

Trouble is, these arguments are based on old information: Yes, there once was a time when both of the above statements were true, but I'll show you some very current, non-CERT stats and info that illustrate why both statements are now emphatically false. (We'll get to the specifics in a moment.)

But this isn't a bad thing. Rather, I take it as a very positive sign of the growing maturity and mainstream appeal of Linux and open source software. Let me explain: