January 6, 2004

Flaws in Argument Leave You Uninformed

agentorange writes "Normally, I respect the news coming from The Inquirer, because Mike Magee tends to have very good access to a lot of people. I have to take issue with the report 'Software Vulnerabilities Still Dog Operating Systems', though, because the report makes inappropriate conclusions based on a flawed measurement methodology. It does not take a rocket scientist to understand what I am about to say, so I hope the message is clear to all.

The article, which appears to have good intentions, is nonetheless based upon a false premise. That premise is that the number of vulnerabilities reported to an organization is equivalent to the concept of being trustworthy. The fact is that the author has made an extrapolation to a conclusion that simply is not possible in the light of logic. While I applaud the effort to expose vulnerabilities in any system so that they are corrected, I would say that the author is incorrect in assuming that the sheer number of reported vulnerabilities has any direct correlation to the inherent security of the underlying Operating System itself. This is known as assuming causality where no direct correlation can be proven.

From a simple scientific methods course, you would know that this is a case of assuming a correlation where one may or may not exist. Strong correlations may be implied, but you cannot say with exacting authority that the two will have any bearing on real life. In other words, it may be the conditions under which the measurement was observed that influenced the reported outcome. To speak plainly, the conclusion was preconceived prior to the written article. The facts appear to be presented in such a way then to support the conclusion although they are truly meaningless to anyone who does support or work with a network."

Link: orangecrate.com


