>>362984
>These only list issues reported, not the total number of issues that exist. Given the kernel is open source, anyone can look at the code to find issues to report them.
Exploits discovered matter most as threats need to discover exploits to take advantage of them.
It's safe to assume unpublished issues approximately scale with published issues. As in, an OS with 500 published issues will have more unpublished issues than one with 100 published issues.
Your last sentence is unequivocally true and is an inherent weakness of open source. Suppose open source software X is coded in C. Finding vulnerabilities in X requires familiarity with C. In closed source it requires familiarity with reverse engineering techniques like disassembly and debugging.
Way more people are familiar with C than are competent with specialist tools like Hex-Rays' IDA Pro.
>The vast majority of CVEs for the kernel are trivial shit that doesn't really affect anything, while most CVEs for windows are actually important vulnerabilities. (The kernel has about 40 issues with a CVSS score ≥ 7.0. While windows server 2022 has over 100, despite only having about 1/4 the total number of issues)
That's because Windows Server is for servers, anon. You're going wrong by equating server architecture to regular Windows.
Most CVEs for Windows are not actually important vulnerabilities. To use your own standard of a CVE with a CVSS score ≥ 7.0, Windows 11 23H2 has only 1 such vulnerability while you said the Linux kernel has 40. This is just the kernel, Linux distros have more than this.
>Windows is separated into a ton of different versions on this site, while the Linux kernel is only listed twice(?), so it's entirely likely that Windows still has many more times the CVEs than Linux does.
Windows vulnerabilities can overlap between versions. You can't just add up the totals for all Windows versions and compare that to the Linux kernel, anon. Like I said, no one's using Windows Server 2022 as a daily driver, they're using it for servers.
You look at a given version of Windows instead, which is much more secure.
>But I don't disagree with you that older versions of windows being insecure is a meme. When there's a truly bad RCE bug, M$ is actually pretty likely to patch it, even on old and unsupported versions of windows. Hence why they released a security patch for windows XP in 2019 to fix an RCE, over 10 years after they stopped supporting it.
This is 100% correct. Microsoft may have a horrid track record with a lot of things but patching serious RCE bugs was never one of them.
>>362981
>>Because any version of windows 7 that has any updates from the past 10 years has just as much telemetry as any of the latest versions of windows does
This is misinformation. Some updates backport spyware like DiagTrack and CEIP, which users can choose not to install. Modern installations of Windows 7 often download the Simplix Update Pack, which has none of this.
Contrastingly, Windows 10 and 11 are Malware: The OS, which not only includes DiagTrack and CEIP, but transmits all typing information to Microsoft (which can cover chat logs, sites, posts, usernames, passwords, bank info and more), backs up text messages to the cloud, allows Microsoft to conduct experiments with your machine, stores and uploads your clipboard history to Microsoft (which can cover usernames, passwords, bank info, chat logs, cryptocurrency addresses, and more), uploads your webcam data to Microsoft, enables the camera on the logon screen, has robust biometric collection and features, sends URLs from apps to Microsoft, sends further info to Microsoft about sites visited, sends data about browser usage, tracks extensive information about what songs and media you play and sends that to Microsoft, records your microphone data and uses those recordings to enhance speech recognition, sends your device location to Microsoft, sends your local search histories to Microsoft, hijacks Bluetooth for advertising purposes, gives you an advertising ID, collects information Microsoft associates with that advertising ID, tries to synchronize your device and browser and credentials to the cloud, has unsolicited network activity in the offline maps settings, analyzes your activity to suggest shit to you in the timeline and start and settings, uploads handwriting data to Microsoft, comes with the OneDrive cloud which has access to your network before you even log in, uploads your hardware information, uploads event viewer data, and uploads how often you use or launch applications.
Microsoft has shared a lot of their information with other Big Tech companies, and lets apps access said information so it's not just Microsoft you have to worry about.