Posted by: kurtsh | January 24, 2008

DOWNLOAD: Windows Vista One Year Vulnerability Report

Jeff Jones, Microsoft’s Director of Security Strategy, has posted his "Vista One Year Vulnerability Report" on his blog.  He’s added what he calls "Patch Event" histograms, which help to show:

  • An improved Software Development Lifecycle drives the quality of security essentially through the reduction of the need for security patching
  • A policy-driven benefit of moving to a monthly patch policy

[Taken from Jeff Jones’ Security Blog]

Windows Vista shipped to business customers on the last day of November 2006, so the end of November 2007 marks the one year anniversary for supported production use of the product.

This paper analyzes the vulnerability disclosures and security updates for the first year of Windows Vista and looks at it in the context of its predecessor, Windows XP, along with other modern workstation operating systems Red Hat, Ubuntu and Apple products.

The results of the analysis show that Windows Vista has an improved security vulnerability profile over its predecessor. Analysis of security updates also shows that Microsoft improvements to the security update process and development process have reduced the impact of security updates to Windows administrators significantly compared to its predecessor, Windows XP.




