Jeff Jones posted a blog entry to celebrate Red Hat fixing their 1000th unique security vulnerability.  He also draws attention to a Red Hat post on their “Truth Happens” blog back in August, which itself quotes a post on Lxer.com.

Jeff posts quarterly statistics on his blog that show how many vulnerabilities have been patched for various operating systems.  The LXer.com post takes one of his reports and uses it to demonstrate that Linux is more secure than Windows because Linux vendors fix more security vulnerabilities.

A Microsoft vulnerability report suggests that Microsoft wasn’t able to fix more Windows flaws than the number of open software flaws fixed by the major open source companies . Red Hat, having forty times less employees than Microsoft, did the best job, by fixing and closing the most security bugs, also closing even minor bugs - where Microsoft didn’t even fix one minor bug in the same period. Even Apple did a better job than Microsoft by fixing lots of flaws in Mac OS X.

Jeff found this to be a little amusing.

Seriously, I loved this post, it made me laugh out loud!  Fixing more security vulnerabilities is apparently a good thing in the world of Red Hat Truth.

Well, for those who actively support that theory, I have some fantastic news for them!  According to my calculations, in July 2007, the Red Hat Enterprise Linux 4 team fixed their 1000th unique security vulnerability.  Now, 164 of these were Low severity and 479 were Medium severity, but still, that is a ton of work accomplished by that team, especially given that the product only shipped in February of 2005.

To put that in context, (again by my calculations) Microsoft has fixed only 649 security vulnerabilities for all supported products across the company since the year 2000.

I’m not sure what to think.  Jeff is quite clear on how his reports are generated.  Linux supporters used to tell me that fewer vulnerabilities meant a product was more secure.  Now Linux supporters want to say that more vulnerabilities means the product is more secure, or as one comment on LXer.com puts it:

You spin the data by saying “we fixed the most bugs, leaving the fewest bugs in the new code, therefore we are the best.”

Round and round we go.

Someone at the Free Software Foundation seems to think that an effective means of promoting free software is to actively campaign against Microsoft’s new Vista operating system, and created the Bad Vista website.  I personally think this is somewhat like negative campaigns in policital races - attack the opposition rather than promote your own strengths.

As a user of free software such as Linux and BSD on my servers,  I’m a little disappointed to see this website.  I’m even more disappointed to see them encouraging what is effectively online graffiti.

This sort of action does more harm than good to the image of free software advocacy.  I’m all for promoting the free, open-source software I use, and will do so here on the site as appropriate.  But undertaking a negative campaign (some of it based on misinformation) and encouraging ridiculous stunts like Amazon tagging just makes the free software community look like a bunch of mouth foaming zealots.

Stick to the positives, compete on features, usability, and support.  Thats how to win users over.

Linux.com has written about the ongoing disagreement between Debian and Mozilla over the inclusion of Firefox in the next version of Debian.I think this quote sums it up best:

Debian’s Dorland says the whole process has been “annoyingly bureaucratic and is completely unprecedented in the Free Software community.”

The article goes on to say:

He agrees that renaming the browser for Etch’s release is inevitable “since there does not appear to be any way we can resolve our differences…Unless something changes in the very short term, it will be called Iceweasel. It seemed to be by far the most popular, avoids any confusion with the trademark, and already has a history of being the ‘alternative’ name for it. ”

Iceweasel? Come on. Getting Firefox out there as Firefox is the best outcome. Are people new to Linux supposed to understand that if they choose one distro they get Firefox, but if they choose Debian they get Iceweasel?

I agree with Eric Dorland, only I feel that both Mozilla and Debian need to show a willingness to be flexible here. This is the beginning of a downward spiral into the sort of bickering that routinely goes on in the proprietary software sector.