Mark Cox, Red Hat’s director of security response, has published his usual risk report, which includes very detailed statistics and other information on security issues and how they were handled in Red Hat Enterprise Linux 4. Red Hat remains the only OS vendor to directly publish such information and provide the raw data as well. “Red Hat is continually developing technologies to help reduce the risk of security threats, and a number of these were consolidated into Red Hat Enterprise Linux 4. The most significant technologies were SELinux and Exec-Shield. Exec-Shield is a project which includes support for the No eXecute (NX) memory permission, simulating NX via segment limits, Position Independent Executables (PIE), gcc, and glibc hardening. For more details, a table of the major security technology innovations in Enterprise 4 is available.”
This initiative is excellent. I can't evaluate if this is the equivalent of full disclosure, but it's certainly the closest to it I've seen on any commercial OS.
It's not a question of whether a platform has errors; it's a question of how fast they're mitigated. Sweeping problems under the rug never seems to work anyway.