
Aberdeen Report Points Out Open Source Vulnerabilities

Analysts at Aberdeen Group say the evidence of the last 10 months shows that the popular wisdom about Microsoft security -- that it's the worst -- may be outdated.

"Obviously, the label of poster child for security glitches moved from Microsoft to the shoulders of open source and Linux product suppliers during 2002," analysts Jim Hurley and Eric Hemmendinger wrote in an Aberdeen Group "Perspective" piece published earlier this month. "Open source software, commonly used in many versions of Linux, Unix, and network routing equipment, is now the major source of elevated security vulnerabilities for IT buyers."

The evidence for Aberdeen's unorthodox position? The security advisories put out during the first 10 months of 2002 by CERT, the Computer Emergency Response Team. Analyzing the small sample of advisories issued by CERT (www.cert.org), Aberdeen gleaned several interesting trends.

  • Out of 29 total CERT advisories in 2002, 16 affected Linux. Similarly, 16 affected Unix, Aberdeen noted. Only seven affected Microsoft products.
  • Virus and trojan horse advisories affecting Microsoft products plummeted from six last year to zero in the first 10 months of this year.
  • Advisories affecting network equipment went from two in 2001 to six in the first 10 months of 2002.

Aberdeen concludes that "Microsoft overhauled its entire software development process to fix its security problems, and its effort appears to be working. Perhaps it is time for some of the suppliers of open source and Linux software to take similar measures. But the entire IT industry must come to terms with the new reality of Internet computing as the first step in making forward progress. One of these realities is that no one vendor or supplier is more at fault than any other."

Microsoft officials spread the word about the Aberdeen report, but they say Microsoft did not fund or sponsor the Aberdeen research.

Mike Nash, vice president of the security business unit at Microsoft, says the Aberdeen report shows that security is an issue that affects the entire industry, not just Microsoft.

"The key thing here is just the observation that security very clearly is an industry issue. It does really clarify sort of where we are as an industry and what needs to get done and where Microsoft needs to be focused. There is a bit of a gap between perception and reality of where Microsoft needs to be," Nash said.

About the Author

Scott Bekker is editor in chief of Redmond Channel Partner magazine.
