As you probably read, Microsoft announced that it will focus on security rather than new features for the foreseeable future. According to one report, it has suspended all coding of anything new for the next month while the entire company focuses on hunting for bugs and security vulnerabilities. Microsoft also hired a security heavyweight to head the effort to make Microsoft’s products more secure. These are all signs that it may seriously intend to address its critics.
But there’s another aspect to this issue that helps put the reporting on Microsoft in perspective. SecurityFocus is the leading provider of security information about the Internet. The statistics gathered by SecurityFocus show a surprising trend:
Linux, not Windows, has had the most security vulnerabilities, year after year, for five years straight.
The statistics available now run through August 2001. This was reported in several places today; here’s one article that summarizes the numbers.
You’ve been led to believe that Linux is more secure, stable, and reliable than Windows. Likewise, the press routinely tilts its stories, subtly or obviously, to make it appear that open-source development is a superior alternative to closed-source development at companies such as Microsoft. The press and Linux community rip apart Windows success stories, yet trumpet Linux and other open-source success stories without closely scrutinizing the stories. It’s safe to assume that the Linux community is poised to tear into this story; if it’s reported at all in the mainstream press, it will be “balanced” by quotes from Linux zealots about the correct way to interpret the numbers and why Microsoft products are as full of holes as Swiss cheese while Linux can stop bullets. Or something like that.
Read carefully. Skepticism is a handy thing to have with you when you read the paper or watch the news these days.