From: Adam Flinton 

Rich wrote:

>    Adam's claim, at least what you claim is Adam's, is bogus.  You want
> to count redhat vulnerbilities you count everything in the product.  If
> you want to compare this count of redhat vulnerabilities to something
> else that is fine too.  If you want to use this comparison to support
> some conclusion, well, you better be comparing counts of something
> appropriate for the conclusion being made.  In the case of Russ, not
> only were his numbers inaccurate, they were misleading and didn't
> support his conclusion.
>


Rich, you're full of it. If you want to count "windows" vulns
then by your own reckoning you are at the mercy of not the tech people in
MS but the marketing people e.g. hummmm let's have a look at say:

http://www.microsoft.com/windowsserver2003/sbs/default.mspx

or even:

http://www.microsoft.com/windowsserversystem/default.mspx

& gee guess what....there's lots of stuff which come under "Windows"
e.g. the "Windows Small Business Server" & the
"Microsoft Windows Server System".

Would you like me to list what is included within "Windows" in those 2?

On the Windows Server system you can get:

"•      Windows Server 2003
•       Application Center
•       BizTalk Server
•       Commerce Server
•       Content Management Server
•       Exchange Server
•       Host Integration Server
•       Identity Integration Server
•       ISA Server
•       Live Communications Server
•       Operations Manager
•       SharePoint Portal Server
•       Speech Server
•       SQL Server
•       Systems Management Server
•       Windows Small Business Server 2003
•       Windows Storage Server"


& gee it looks like as part of the "Windows Small Business Server 2003"
you get such "OS features" as SQLServer & Exchange.


Adam


> Rich
>
>
>     "Geo."  wrote in message
>     news:40c3b7f4{at}w3.nls.net...
>     Adam claimed only the Linux kernel counted when counting vulns since
>     embedded
>     linux (or whatever it's called) was nothing more than that. You
>     claimed that
>     whatever was included in the distribution RedHat counted as a RedHat
>     vuln.
>
>     Now I'm claiming that if MS included sendmail and bind in Windows
>     2006, any
>     sendmail or bind exploits would count as security issues thus making
>     Windows
>     2006 less secure than previous versions. It appeared to me you
>     disagreed with
>     that logic, do you?
>
>     Geo.
>
>     "Rich"  wrote in message news:40c3abe5{at}w3.nls.net...
>        I have no idea what your "least common demoninator" approach is
>     so I can't
>     comment.  I never suggested anything with that name or to which I
>     would apply
>     that name.
>
>     Rich
>
>       "Geo."  wrote in message
>     news:40c389bf{at}w3.nls.net...
>       "Rich"  wrote in message news:40c363bd{at}w3.nls.net...
>       >>   Not when trying to make apples to apples comparisons such as
>     claiming
>     one
>       version is more or less secure than another version.  If you just
>     want to
>     count
>       things, and you can tell from this discussion there isn't
>     agreement on what
>     or
>       how to count, then including bind and sendmail would result in
>     more things to
>       be counted.<<
>
>       I see, so saying that one version of Linux is more secure than another
>     version
>       of Linux must then take the least common denominator approach? I'm
>     sure Adam
>       will be overjoyed to hear you have finally come over to his line of
>     reasoning.
>
>       Geo.
>
>
>

--- BBBS/NT v4.01 Flag-5