Q

Bugs in different OS versions of OSS apps

When you make an open source app that can run on Windows and Linux, does that mean that any bugs in one version will cause vulnerabilities in the other version? For example, OpenOffice's recent patch has errors in the Windows version.

This is a very hard question to answer as it depends on a lot of variables, like:

  • the application in question and
  • the nature of the vulnerability.

If the vulnerability is irrelevant to the operating system, for example an application that doesn't have appropriate access controls, then both the Linux and Windows variants may be vulnerable. But if the vulnerability relies on a particular operating system, like expecting a Windows-based kernel, then it is unlikely that the same vulnerability will impact Linux. But as mentioned, this is very arbitrary.

I would always err on the side of caution and carefully investigate any discovered vulnerability to determine all the possible combinations of operating systems, versions, and circumstances in which you might be vulnerable. Many of the security companies do this for you and I would recommend starting there if the vulnerability is known and documented.

This was first published in February 2007

Dig deeper on Linux security risks and threats

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchDataCenter

SearchServerVirtualization

SearchCloudComputing

SearchEnterpriseDesktop

Close