Wow.
..both Windows and Linux can be deployed securely. Microsoft Corp., however, fixes security problems the quickest\ufffdwhich is a good thing, since it also has the most major security holes.
Uhm. Yeah....
To get quantitative answers to these questions, Forrester used two metrics. The first is the number of days between when a problem is publicly disclosed and when the operating system vendor releases its fix. In Linux's case, a component maintainer\ufffdsuch as The Apache Software Foundation for the Apache Web server\ufffdcan patch security holes, but then there may be a delay before the Linux distributor releases the component creator's patch. Forrester calls this period the "distribution days of risk."
The second metric is the United States' National Institutes for Standards and Technology's ICAT project standard for high-severity vulnerabilities. According to ICAT, high-severity vulnerabilities can be used for exploits that enable any of the following: 1) a remote attacker to violate the security of a system (i.e., gain an account), 2) a local attacker to gain complete control of a system or 3) the Computer Emergency Response Team Coordination Center to issue an advisory
I'll let y'all rip apart those metrics and their relevance, especially the first one with regard to private v public exposure of a fault and the ignorance of the fact that most are wary of M$ updates until they've been field tested for breaking other stuff. Where's THAT metric in this mix?
If your business has relatively unsophisticated administrators, Forrester recommends MandrakeSoft, Microsoft and SuSE, since all three of these companies "hang their hats on the ease with which relatively unskilled users and administrators can install, configure, and patch their platforms," according to the report. If your staff is a step above that, Forrester recommends Red Hat and Microsoft.