Comment Security... (Score 1) 116

A lot of this conversation has been about remote security scans, but once you find a vulnerability, how do you remediate it? How do you maintain your security posture, and continue auditing your hosts on a regular basis? To what standard?

The National Institute of Standards & Technology provides a lot of help to those attempting to implement security standards.

First is the Security Content Automation Protocol (SCAP) - scap.nist.gov. This defines how you manage, measure and evaluate vulnerabilities.

Second would be SCAP content. You'll note on the NIST SCAP page the word "community" appears 5 times in the first paragraph. That's not by accident. SCAP content is generally community generated, and there are lots of great lists of people working on SCAP content for a variety of operating systems.

Red Hat maintains the gov-sec mailing list, and Fedora, for example, has loads of content available for Red Hat Enterprise Linux-based systems.

Our friends at NIST also publish what is called the US Gov't Configuration Baseline (USGCB for short). USGCB content is available in SCAP format for Windows & RHEL. These standards are certainly a good starting point.

If your standards come in the form of a STIG - that content is available as well from the Aqueduct project.

[Disclaimer - I work for Red Hat, I support the US Gov't, and I think making security easier is probably an important thing to do]
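The comment above points at SCAP content as the standard to audit against, and the natural follow-up question is what you do with the scan output once a tool has evaluated that content. As an added illustration (not part of the comment, and not code from NIST, Red Hat or any SCAP tool), the script below parses a small, constructed XCCDF 1.2 TestResult fragment, the kind of document SCAP scanners emit after evaluating a benchmark, and turns it into the two things an administrator wants for ongoing posture tracking: a pass/fail tally and a list of failed rules at or above a chosen severity. The namespace and element names (TestResult, rule-result, result, severity) are the real XCCDF 1.2 ones; the rule ids, hostname and timestamps are made up.

```python
"""Summarize a constructed XCCDF 1.2 TestResult for posture tracking.

Added example. The sample document, rule ids and host are constructed;
only the XCCDF namespace and element names are real.
"""
import xml.etree.ElementTree as ET
from collections import Counter

XCCDF_NS = "http://checklists.nist.gov/xccdf/1.2"

# Ordering used to filter failures by severity; XCCDF allows these values.
SEVERITY_RANK = {"unknown": 0, "info": 1, "low": 2, "medium": 3, "high": 4}

# Constructed sample: five rule results as a scanner would record them.
SAMPLE_RESULT = """<?xml version="1.0" encoding="UTF-8"?>
<TestResult xmlns="http://checklists.nist.gov/xccdf/1.2"
            id="xccdf_example_testresult_sample"
            start-time="2024-01-01T00:00:00" end-time="2024-01-01T00:05:00">
  <benchmark href="example-benchmark.xml" id="xccdf_example_benchmark_sample"/>
  <target>host01.example.invalid</target>
  <rule-result idref="xccdf_example_rule_sshd_disable_root_login" severity="high">
    <result>fail</result>
  </rule-result>
  <rule-result idref="xccdf_example_rule_password_max_days" severity="medium">
    <result>pass</result>
  </rule-result>
  <rule-result idref="xccdf_example_rule_motd_banner" severity="low">
    <result>fail</result>
  </rule-result>
  <rule-result idref="xccdf_example_rule_selinux_enforcing" severity="medium">
    <result>notapplicable</result>
  </rule-result>
  <rule-result idref="xccdf_example_rule_firewalld_enabled" severity="high">
    <result>pass</result>
  </rule-result>
</TestResult>
"""


def _tag(name):
    """Fully qualified ElementTree tag for an XCCDF element."""
    return "{%s}%s" % (XCCDF_NS, name)


def parse_rule_results(xml_text):
    """Return a list of {'rule', 'severity', 'result'} dicts from a TestResult."""
    root = ET.fromstring(xml_text)
    rows = []
    for rr in root.iter(_tag("rule-result")):
        result_el = rr.find(_tag("result"))
        result = result_el.text.strip() if result_el is not None and result_el.text else "unknown"
        rows.append({
            "rule": rr.get("idref", ""),
            "severity": rr.get("severity", "unknown"),
            "result": result,
        })
    return rows


def summarize(rows):
    """Tally results by outcome (pass, fail, notapplicable, ...)."""
    return Counter(row["result"] for row in rows)


def failed_rules(rows, min_severity="medium"):
    """Rule ids that failed at or above min_severity, highest severity first."""
    threshold = SEVERITY_RANK.get(min_severity, 0)
    failed = [r for r in rows
              if r["result"] == "fail" and SEVERITY_RANK.get(r["severity"], 0) >= threshold]
    failed.sort(key=lambda r: -SEVERITY_RANK.get(r["severity"], 0))
    return [r["rule"] for r in failed]


def compliance_ratio(rows):
    """Share of applicable rules (pass or fail) that passed; None if none applied."""
    applicable = [r for r in rows if r["result"] in ("pass", "fail")]
    if not applicable:
        return None
    return sum(1 for r in applicable if r["result"] == "pass") / len(applicable)


if __name__ == "__main__":
    rows = parse_rule_results(SAMPLE_RESULT)
    print("outcomes:", dict(summarize(rows)))
    print("compliance:", compliance_ratio(rows))
    for rule in failed_rules(rows, "medium"):
        print("needs remediation:", rule)
```

Run against a real scanner's result file, the same functions give a per-host tally that can be stored after every scheduled scan, so that a drop in the compliance ratio or a newly failing high-severity rule shows up as a change rather than being buried in a long report.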

Comment Re: Not a gas-hybrid (Score 1) 222

Re-read the parent post. It has nothing to do with actual fuel economy, and everything to do with how governments define and evaluate average fuel economy. His point is that you need to compare like test results, not disparate standards.

Your personal experience, while representative of your actual gas mileage, represents yet another standard for comparison.

Capisce?

Comment Re:No one-time issue (Score 1) 666

There is no such thing as a "one-time issue" with RHEL.

True.

You have to pay for a yearly minimum support contract, for the right to use software that has their trademarked brand name and logos embedded.

False.
You are paying for support and updates, access to the KB, the certifications (Common Criteria, FIPS, etc., etc.), reference architectures, etc. NOT for the use of the trademarked brand name / logos.

Once that runs out, you should either renew, or remove the offending binaries, documentation and logos off your systems.

False.
Once your subscription runs out, your RHN account will be locked, and you will not be able to get updates, access the KB or enter support tickets.

You do get update binaries in this minimal contract, which is what you really want anyway. Waiting for CentOS to come up with those may be the difference in having your systems compromised or not. There's nothing wrong with CentOS, but it's always behind RHEL, because of the mere concept of it.

True.

User Journal

Journal: first post

this is my first post
