According to this newsfactor story, a new study has been published by Aberdeen
Group that claims open source software is more insecure than Microsoft software based on a count of CERT reports in the first ten months of 2002.

Obvious fault in this study that comes to mind is that they're pitting what amounts to a number of open source projects against a number of Microsoft products.. as everyone should know these numbers are highly unequal. An accurate comparison would be to compare a typical server setup with linux and other open source software against a typical Microsoft server and then compare the number of reported vulnerabilities.

I registered, read the "study".. It's a one page report listing CERT report counts. Not only are they counting *all* of open source projects but they're also counting all variants of unix packed into one big headline of "linux is insecure".

So who is this Aberdeen Research Group is and why they're publishing this so-called study?

From their Terms and Conditions:

These sponsored reports, white papers, and supplier profiles provide analysis that may be useful in support of internal technology planning processes, sales training programs, and external customer education programs.

Hmm.. key word.. "sponsored". I wonder by whom?

Certain Aberdeen research activities, and the resulting research documents, are funded by Aberdeen. Other research activities and resulting documents are partially or completely funded by retained consulting relationships or sponsorships with a vendor or multiple vendors. Our documents and Web casts include a statement disclosing sponsorship.

Ah, I see.. I wonder who sponsored this study as the promised statement is not on the report.

Authors of this well-researched (they just used CERT reports) and well-thought out (heavy sarcasm) report?

• Jim Hurley -
  Prior to joining Aberdeen, he was responsible for providing several technology suppliers with insight into buyer needs, and with guiding several successful mergers and acquisitions.
  
  In other words: Marketing Guy


• Eric Hemmendinger -
  Prior to joining Aberdeen, Hemmendinger was a senior product marketing manager with a major systems supplier where he was responsible for a wide variety of strategy, product positioning, and product launch activities. He also has in-depth experience with the design and production of complex commercial and military ships and ship-based system
  
  Hmm.. another marketing guy.

Trustworthy study.. that.. FUD, nothing more.

Incidentally.. for an IT research group they're not very well versed in web technology:

Registering on Aberdeen.com will place a cookie on your CPU that will identify you whenever you access free research in the future. We will not ask you to re-register unless that cookie is no longer available.

One must wonder just how they will place a cookie on my CPU.. and you have to re-register if you lose said cookie? These knowledgeable technical guys can't run a database? Sadly, people will read this crap and believe it too.