Objectivity by CERT is a misnomer, they are not objective in the least. They are, however, a for-profit organization open to the highest bidder. Case in point: They did a report on AMD flaw where they cited numerous reasons why Intel made a better product. Fact of the matter they never did one interview with anyone at AMD and derived their "facts" for the study based on perceptions commonly subscribed to by the general public.

So, what we see with CERT reports is more often due to its mission of fulfilling its own market strategy - that is to reports with a "wow" factor in order to get people to subscribe to their service. They're all about producing reports with a marketing target and they are not an objective research organization.

The report is for the purpose of telling people what they want to hear - namely those the work for or support M$. It isn't worth the time it takes to read it. They lack completely any sort of meaningful data and offer up anecdotal evidence that is weakly, if at all, confirmable.

I'm not saying this because I'm a Linux supporter. I'm saying this because their research methods are not mentioned, given, and no real analysis techniques are offered in support of the "data" they claim in the story/report.

Curtis

On Monday 30 December 2002 07:56, John Lamb wrote:
James Mohr wrote:
There is a lot of hand-waving, but it did say "16 out of the 29 advisories published (by CERT) during the first 10 months of 2002" were for "Linux Software". At first that is surprising, even shocking, but my bet is that "Linux Software" actually means "open source", so it applies to more than just Linux (even Microsoft).
An obvious piece of nonsense: it's like concluding that red cars are more likely to develop faults than pink ones.
If the samples taken were representative (not very plausible) and there were equal numbers of software products in each category (not true) and the null hypothesis was that CERT advisories were equally likely in both categories, then the result (16/29) would not be statistically significant even at 20%. Usually, we look for 5% or lower significance before drawing conclusions.
In this case, no conclusions can reasonably be drawn and there is good reason to suspect bias against 'linux and opensource software'.
The study is not worth the paper it isn't printed on and the consultants who published it are either incompetent or guilty of unprofessional conduct.
JDL
-- Billboard Writer vs. Literature = Microsoft vs. Computing,
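
The significance argument in John Lamb's message, worked as an exact binomial test (an added example, not part of the original thread). It takes his stated assumptions at face value (representative sample, equal category sizes, so a null share of 0.5); the function names are illustrative.

```python
from math import comb


def binom_pmf(k, n, p):
    """Probability of exactly k 'hits' in n independent trials with rate p."""
    return comb(n, k) * p**k * (1 - p) ** (n - k)


def upper_tail(k, n, p=0.5):
    """One-sided p-value: P(X >= k) under the null share p."""
    return sum(binom_pmf(i, n, p) for i in range(k, n + 1))


def two_sided_p(k, n, p=0.5):
    """Exact two-sided p-value: total probability of every outcome that is
    no more likely than the observed one under the null."""
    observed = binom_pmf(k, n, p)
    cutoff = observed * (1 + 1e-9)  # tolerance for floating-point ties
    return sum(
        pr for i in range(n + 1) if (pr := binom_pmf(i, n, p)) <= cutoff
    )


def significant(k, n, alpha, p=0.5):
    """True if the observed count rejects the null at level alpha."""
    return two_sided_p(k, n, p) <= alpha


if __name__ == "__main__":
    # Figures quoted in the thread: 16 of 29 advisories in one category.
    k, n = 16, 29
    print(f"one-sided p = {upper_tail(k, n):.4f}")
    print(f"two-sided p = {two_sided_p(k, n):.4f}")
    for alpha in (0.20, 0.05):
        print(f"significant at {alpha:.0%}: {significant(k, n, alpha)}")
```
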