OTDR writes:
Despite slowly growing endorsement within the US Government (and DoD) for the use of FOSS (see eGovOS for a good starting point), the US Army's cognizant authority governing the connection of its internal networks to the outside world, CONUS-TNOSC, has chosen to block access to the Apache Foundation's domain, labeling the site as "hostile content". Official rationale has not been disclosed, nor is it likely to ever be, but growing trends have been observed (in the name of security) to block sites not only hosting specifically objectionable content (blogs deemed inappropriate, web content deemed offensive, pirate P2P aggregators, etc.) but also sites merely providing software development tools, software resources, and support discussion forums for the use of such technologies — all without consideration as to whether the technologies have been demonstrated (even by other Government agencies) to have beneficial, legitimate uses.
Oddly enough, given that these measures are taken in the name of security, the US Army and much of DoD remain heavily entrenched in Exchange and IIS. Given that Apache still leads IIS in market share (see Netcraft for current standings), can anyone provide references/links to REAL comparative data contrasting and comparing the relative security of these two contending servers? I realize servers in general are only as secure as a good administrator, and I realize a well-trained IIS manager can harden a box quite impressively. I'm mainly interested in finding reputable published data comparing types and numbers of genuine design flaws & weaknesses and fix/release schedules. Earnest responses only — I'm neither trolling here nor looking to start a flame war, just trying to understand and evaluate the rationale driving the block.