When the list says Debian or Ubuntu it includes all software in Debian and Ubuntu. That includes software like Google Chrome, Firefox, Python, Ruby, etc. For example out of the 40 listed in 2019 in Debian 36(!) are Chrome bugs, not Debian bugs.
It's also OSS and it is much easier to surface security bugs for Linux than for Windows.
In my own research, I have attempted to send Microsoft security bugs only to be told they would be backlogged and reviewed later (which never happened to my knowledge).
> It's also OSS and it is much easier to surface security bugs for Linux than for Windows.
Shouldn't then the number of bugs decrease much faster, since they are easier to find? Unless they are introduced at even a greater rate than the ones in Windows.
That and saying Debian isn't like saying Windows. Debian is like 50.000 packages. Pretty much all CVES in this year so far listed as Debian CVES has been in Google Chrome browser...
Dahoon|7 years ago
Sort by Vendor: https://www.cvedetails.com/top-50-vendors.php
CryoLogic|7 years ago
In my own research, I have attempted to send Microsoft security bugs only to be told they would be backlogged and reviewed later (which never happened to my knowledge).
21|7 years ago
Shouldn't then the number of bugs decrease much faster, since they are easier to find? Unless they are introduced at even a greater rate than the ones in Windows.
imtringued|7 years ago
Dahoon|7 years ago
TheForumTroll|7 years ago
[deleted]