This article by Vincent Danen—Vice President of Product Security at Red Hat—offers a very accessible guide to risk management in cyber security.
I think it’s easy to forget the important contexts that underpin product development, and I particularly enjoyed Danen’s exploration of security vulnerabilities in open source projects. Here’s an excerpt:
The promise of open source is innovation, which is what most open source communities and commercial providers seek to provide. So, time spent fixing issues that introduce little risk versus creating new and innovative solutions is an interesting dilemma.
Red Hat is a static release model and it is used in Enterprise Environments, which are very risky. But you recommend against running a stable release; can I know why? I watched Richard Brown’s video, but SUSE is not discontinuing their own flavour of SLE, which itself is a stable release, in favour of Tumbleweed.
Rolling release or leading release distros like Fedora break a lot; I prefer stable releases above all.
Stable releases do receive the same security updates as rolling ones; what makes them so bad?
It’s listed here on the PG site why it isn’t recommended to use “stable” Linux versions like Debian. Personally, Fedora has never had any breakage, whereas Debian broke all the time for me.
I should have made the intention of sharing this article more clear: I think the introductory guide to risk management in product security is really interesting, as are the thoughts on resource management.
This isn’t a reflection of Privacy Guides’s thoughts on RHEL or anything else: just interesting reading!
@anon86352167’s answer is great; if you’re interested in our evaluation of traditional or atomic release frameworks, the website provides our current stance.
Oh, I get what you wanted to say. I’m very used to using stable distributions. Currently on Slackware 15.0, I make my own package updates if maintainers won’t; it is very simple to compile and follow instructions.