Taken from Jeff Jones’ blog at CSO Magazine:
http://blogs.csoonline.com/windows_vista_6_month_vulnerability_report
I was somewhat surprised (but pleased) at the level of interest back when I published my Windows Vista – 90 Day Vulnerability Report. It was about the earliest span of time I thought might give us some indicators, and the indicators did look good. (Though, I did not give us an "A+", in spite of some of the attributions 😉)
Six months is a much more interesting time frame, and gives us the opportunity to see if the early trend indicators are holding up, or if the early signs of progress were a short-term gain. Also, I thought it was worth going a little deeper in the analysis to look at the total fixed and unfixed vulns as I did last time, plus these additional views:
- Include a comparison view of Linux distribution workstation builds that exclude vulnerabilities in non-default optional components as well as OpenOffice and other applications that do not have equivalents on Windows XP.
- Include a comparison view that excludes Low and Medium severities to just focus on High severity vulnerabilities fixed and unfixed in the first 6 months, and
- A comparison view that combines both of these.
For the full details, or to print the report, you can download the report in PDF.