Further, 78% of Linux developers say that their Linux systems have never been hacked and less than 7% were hacked three or more times. Of the 22% that have been hacked, 23% of the intrusions were byinternal users with valid login ID’s. The main ways that Linux machines can be compromised are: Inadequately configured security settings, vulnerability in internet service and Web serverflaws.
Contrast those findings with data from Evans’ Spring 2004 North American Development Survey where 3 in 5 non-Linux developers reported a security breach and 32% experienced 3 or more breaches.
“It’s not surprising that Linux systems aren’t hacked to the degree that Windows-based machines can be exploited. The reasons for the greater inherent security of the Linux OS are simple, more eyes on the code means that less slips by and the OS is naturally going to be better secured,” said Nicholas Petreley, Evans Data’s Linux analyst. “As also found in Evans’ recently released Security Development Survey, the mechanism by which a Linux machine can be compromised is by users inadequately configuring security settings. Ironically, the other flaws that crackers use to compromise Linux servers are flaws in applications which run on competing operating systems, so those vulnerabilities are not specific to Linux.”
Other findings from the July survey of 500 Linux developers:
— Developer migration to the 2.6 Kernel has increased significantly in six months, rising by more than 80% with only 12% expecting to take longer than a year to make the move.
— Seventy-six percent of Linux developers now believe that the SCO lawsuit will “probably not” or “absolutely not” affect their company’s adoption of Linux, up another 8% in the last six months.
