home :: mark :: talks :: 2009031314

Four years of Enterprise Linux 4

It sometimes seems like me and my team are pushing security updates every day, but actually a default installation of Enterprise Linux 4 AS was vulnerable to only 10 critical security issues in the first four years since release. But to get a picture of the risk you need to do more than count vulnerabilities. My full risk report was published this week in Red Hat Magazine and reveals the state of security since the release of Red Hat Enterprise Linux 4 including metrics, key vulnerabilities, and the most common ways users were affected by security issues. It's all about transparency, highlighting the bad along with the good, and rather than just giving statistics and headlines you can game using carefully selected initial conditions we also make all our raw data available too so we can be held accountable.

Created: 13 Mar 2009