Red Hat Enterprise Linux 4 Passes 1000 Vulnerabilities

A few weeks after my July OS Vulnerability Scorecard posting, I was amused to see a posting about it on (click to see the post).  I can’t even do it justice by paraphrasing, so here is the text:

A Microsoft vulnerability report suggests that Microsoft wasn’t able to fix more Windows flaws than the number of open software flaws fixed by the major open source companies. Red Hat, having forty times less employees than Microsoft, did the best job, by fixing and closing the most security bugs, also closing even minor bugs – where Microsoft didn’t even fix one minor bug in the same period.

Seriously, I loved this post; it made me laugh out loud! Fixing more security vulnerabilities is apparently a good thing in the world of Red Hat Truth.

Well, for those who actively support that theory, I have some fantastic news for them!  According to my calculations, in July 2007, the Red Hat Enterprise Linux 4 team fixed their 1000th unique security vulnerability.  Now, 164 of these were Low severity and 479 were Medium severity, but still, that is a ton of work accomplished by that team, especially given that the product only shipped in February of 2005.

To put that in context, (again by my calculations) Microsoft has fixed only 649 security vulnerabilities for all supported products across the company since the year 2000. 

About the Author
Jeff Jones

Principal Cybersecurity Strategist

Jeff Jones is a 27-year security industry professional who has spent the last decade at Microsoft working with enterprise CSOs and Microsoft's internal teams to drive practical and measurable security improvements into Microsoft products and services. Additionally, Jeff analyzes vulnerability trends