[Info-vax] CVE counts, was: Re: VMS Software needs to port VAX DIBOL to OpenVMS X86 platform

[mceculski2 at gmail.com]

On Wednesday, December 16, 2020 at 1:44:49 PM UTC-5, Simon Clubley wrote:
> On 2020-12-16, mceculski2 at gmail.com <mceculski2 at gmail.com> wrote:
> >
> > Sreve do you keep track of the CERT counts for linux and windows. If I was a customer that is the last choice I would make.
> 
> [I've put this into its own thread to avoid filling the original
> thread with off-topic replies for that thread and to allow people
> to easily skip over this discussion.]
> 
> Bob, comparing CVE counts is a very poor method when you are
> comparing operating systems which are very actively probed every
> day by an army of researchers (for Unix/Windows) versus an
> operating system which might be probed one in a blue moon (at least
> until someone sees the VSI marketing).
> 
> My previous one-off attempt to probe VMS for vulnerabilities found
> something that could have been used to compromise VAX/VMS and Alpha
> VMS over a 33 year period.
> 
> That doesn't exactly give me confidence that VMS has had any serious
> modern third-party security probing, at least by today's standards.
> 
> Simon.
> 
> -- 
> Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
> Walking destinations on a map are further away than they appear.

but that bug was only if your were on a local terminal wasn't it?

It had no effect on webservers, telnet or any other remote access correct?