On Monday 30 December 2002 14:56, John Lamb wrote:
James Mohr wrote:
There is a lot of hand-waving, but it did say "16 out of the 29 advisories published (by CERT) during the first 10 months of 2002" were for "Linux Software". At first that is surprising, even shocking, but my bet is that "Linux Software" actually means "open source", so it applies to more than just Linux (even Microsoft).
An obvious piece of nonsense: it's like concluding that red cars are more likely to develop faults than pink ones.
Didn't Churchill say that there are three kinds of lies: regular lies, damned lies and statistics?
If the samples taken were representative (not very plausible) and there were equal numbers of software products in each category (not true) and the null hypothesis was that CERT advisories were equally likely in both categories, then the result (16/29) would not be statistically significant even at 20%. Usually, we look for 5% or lower significance before drawing conclusions.
If you look at some of the comments to the article, they mention the fact that there are 50K+ open source projects (at least on SourceForge) but only 250 MS "products". Even if the numbers in the Aberdeen report are true there are about 100 times more MS security bugs (by percentage). I liked the fact that Linux trojans "doubled" between 2001 and 2002 (from 1 to 2).
In this case, no conclusions can reasonably be drawn and there is good reason to suspect bias against 'linux and opensource software'.
Of course you can draw a conclusion. One is that the author of the article is either himself paid by MS or didn't bother to check the "facts" in the Aberdeen report. ;-)
The study is not worth the paper it isn't printed on and the consultants who published it are either incompetent or guilty of unprofessional conduct.
Not necessary. If someone pays me to write a "report" that skews statistics and praises Microsoft and I do just that, why is that unprofessional? I am doing what I am paid to do. ;-)

Regards,

jimmo

--
---------------------------------------
"Be more concerned with your character than with your reputation. Your character is what you really are while your reputation is merely what others think you are." -- John Wooden
---------------------------------------
Be sure to visit the Linux Tutorial: http://www.linux-tutorial.info
---------------------------------------
NOTE: All messages sent to me in response to my posts to newsgroups, mailing lists or forums are subject to reposting.