Posted: 2007-02-21 14:51:26
And round and round we go again: history repeating itself one more time.
So what’s the newest Microsoft FUD [Fear, Uncertainty, and Doubt] tactic these days…
Apparent, its getting a bunch of bloggers and security experts to regurgitate a statement containing the abstract fact that Apache has 33 reported “vulnerabilities” to IIS’ 3.
How exactly those numbers directly translate into a Web Server’s security mark, is of course left out.
Lets look at this issue a bit closer:
Apache serves 2/3rd of the internet. It has thousands of developers and companies around the world working with the codebase: constantly securing, improving, developing, and moving Apache forward.
This is considered to be a *bad thing* by the Micosoft camp? Vulnerabilities should not be looked for, nor reported and fixed.
So I have just one question: how many vulnerabilities would be reported for IIS if the source code was open?
I think it might also be prudent to…
Take a look for yourself…
Securina.com: Apache 2.0 Vulnerabilities
Apache.org: Apache 2.0 Vulnerabilities and Fixes
Throwing out abstract statistics has no purpose other than spreading FUD.
Instead, why not report on the merits of IIS itself… Specifically, on the improvements and features of IIS 6 and 7.