‘Linux More Secure Than Windows’

In its first annual Security Issues Survey for the debut of the Software Security Summit conference in La Jolla, California, BZ Research (www.bzresearch.com) polled 6,344 software development managers about the security of different popular enterprise operating environments. The Security Issues Survey’s initial findings showed software managers consistently ranked Linux more secure than Windows, with client operating systems and applications seen as most susceptible to security exploits. The survey also explored the use of security vulnerability assessment and testing tools, with most respondents saying their organizations don’t do enough testing and that they plan to do more.

Asked to rate the security of server operating environments against operating system related hacks and exploits, Windows Server fared worst by far. Some 58 percent rated Windows Server very insecure or insecure versus 13 percent for Linux. Sun Solaris fared best, with only six percent rating the operating system very insecure or insecure. On the positive side, some 74 percent of respondents rated Linux secure or very secure versus only 38 percent for Windows Server. Sun Solaris was rated secure or very secure by 66 percent.

Asked about the security of operating systems against application-related hacks and exploits, Windows Server was again rated least secure. Some 58 percent of respondents rated Windows Server as very insecure or insecure versus 18 percent for Linux. On the other hand, Linux was deemed secure or very secure by 66 percent of respondents versus only 30 percent for Windows Server.

When queried about comparing the security of open source versus proprietary software in eight categories, open source was the clear winner in four of the categories: Desktop/client operating systems (44 percent to 17 percent); web servers (43 percent to 14 percent); server operating systems (38 percent to 22 percent); and components and libraries (34 percent to 18 percent). Proprietary software was said to be more secure than open source in only one category, database servers (34 percent to 21 percent). Results were statistically the same in three categories: Desktop/client applications, server applications and application servers.