Posted by: kurtsh | June 22, 2007

NEWS: Windows Vista – 6 month vulnerability report by Jeff Jones

Taken from Jeff Jones’ blog at CSO Magazine:

I was somewhat surprised (but pleased) at the level of interest back when I published my Windows Vista – 90 Day Vulnerability Report.  It was about the earliest span of time I thought might give us some indicators, and the indicators did look good.  (Though, I did not give us an "A+", in spite of some of the attributions 😉

Six months is a much more interesting time frame, and gives us the opportunity to see if the early trend indicators are holding up, or if the early signs of progress were a short-term gain.  Also, I thought it was worth going a little deeper in the analysis to look at the total fixed and unfixed vulns as I did last time, plus these additional views:

  • Include a comparison view of Linux distribution workstation builds that exclude vulnerabilities in non-default optional components as well as OpenOffice and other applications that do not have equivalents on Windows XP.
  • Include a comparison view that excludes Low and Medium severities to just focus on High severity vulnerabilities fixed and unfixed in the first 6 months, and
  • A comparison view that combines both of these.

For the full details, or to print the report, you can download the report in pdf.

