Reply to post:

Microsoft silently fixes security holes in Windows 10 – dumps Win 7, 8 out in the cold

patrickstar

My whole point is that the article here describes exactly what has been going on with Linux for ages.

Linux actually tends to be worse in my experience (or used to, I dont really keep up with kernel haxx0ring anymore), with outright memory corruption vulnerabilities and such fixed with very non-obvious descriptions. Not common, but it has certainly happened in the past and I'm willing to bet it will keep happening. Most of the time it's infoleaks (like the Windows bugs here) or stuff inadvertently fixed (eg code paths made unreachable under the circumstances needed for it to become a vulnerability).

The problem is that the core Linux kernel maintainers have no real interest in security, and atleast Torvalds has outright stated that he doesn't care more about it than fixing other bugs.

It's not about some secret Linux maintainer conspiracy to reduce the CVE counts. It's about the fact that there is no real process in place to analyze the security impact of bug fixes - it's all done ad hoc.

MS kinda atleast tries (and sometimes even succeed)

You'd see this a lot more often if they didn't - the monthly race to get and bindiff updates has been a firm tradition among people wearing hats in various shades for as long as there has been Patch Tuesday.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019