The number of unexploited vulnerabilities in the core Linux kernel is on the rise, leading security experts to strongly suggest that business users take steps to ensure that their open-source software is as bulletproof as possible before it becomes a problem.
Recently, the U.S. Computer Emergency Readiness Team, or CERT, reported that during 2005, Linux and Unix combined had 2,328 vulnerabilities, compared with 812 vulnerabilities for Microsoft Windows.
Since their release, these statistics have had their share of detractors, especially in the open-source community (see related story, "CERT Stats Under Fire").
But a separate query of the National Vulnerability Database (NVD)--maintained by the National Institute of Standards and Technology--yielded similar results: During 2005, there were 119 vulnerabilities reported in the core Linux kernel, the one used by all the various Linux distributions, says Peter Mell, the database's main administrator. This compares with 61 published vulnerabilities for Windows XP, according to the NVD.
Moreover, the trend appears to be going upward. The 119 vulnerabilities found in Linux during 2005 compare with 47 in 2004, 16 in 2003, and 11 in 2002, Mell says.