Unbiased Comparison of Security Vulnerabilities between Distros?

slimySwagger

Unbiased Comparison of Security Vulnerabilities between Distros?

#1 Post by slimySwagger

I've found a site for comparison: https://repology.org/repositories/statistics

But I think it's biased, 'cause it shows Debian stable has more vulnerabilities than testing:
https://repology.org/repository/debian_11
https://repology.org/repository/debian_12

Possible reason for this kind of bias, from Debian FAQ:
Many vulnerability assessment scanners give false positives when used on Debian systems, since they only use version checks to determine if a given software package is vulnerable, but do not really test the security vulnerability itself. Since Debian does not change software versions when fixing a package (many times the fix made for newer releases is back ported), some tools tend to think that an updated Debian system is vulnerable when it is not.
If you think your system is up to date with security patches, you might want to use the cross references to security vulnerability databases published with the DSAs (see Section 7.2, “Debian Security Advisories”) to weed out false positives, if the tool you are using includes CVE references.
Anyone got any site that compares vulnerabilities between different distros and shows them in graphs? Thanks in advance.
