I just got through reading a bunch of posts on one of my new favourite blog sites http://blogs.technet.com/security/ which is contributed to by Jeff Jones, Director of the Security Technology Unit at Microsoft.
Wow… interesting read. I get questions on this sort of stuff all the time. He goes through and quite adeptly answers a number of the ones that are attributed to marketing FUD or industry myths/beliefs. Check them out:
- Linus' Law aka “Many Eyes Make All Bugs Shallow”
- Novell removes /truth and security from Linux site
- The importance of the “Evaluated Configuration” In the Common Criteria Evaluations
- JeffOS EAL4+ Secure System (example of SuSE SLES9 and Windows Server 2003/XP)
- Workload Vulnerability Index
He’s made it into my RSS reader as someone I read up on regularly… maybe you should check him out too when you get one of those articles in your inbox talking about product x security being better than product y…
What do you think?