Hacker News

The root cause might be less whether an entity uses Linux or Windows but whether they use cloud or on-prem. No matter how skilled, the on-prem stuff getting maintained by IT/SOC (often external contractors) are unlikely to deliver the same level of diligence as one of the big cloud vendors.

Things are so complex we have critical bugs everywhere that cannot be patched without major breakage. So what does a diligent org do? They make a risk assessment to explain things away for legal & compliance purposes.

Check your SCA/SBOM in any/most stacks if you think this is untrue ...


