Linked by Thom Holwerda on Fri 16th Mar 2007 17:02 UTC, submitted by Shawna McAlearney
"Starting today, I plan on posting a monthly vulnerability scorecard for common server and workstation Operating System products. I'm going to keep these scorecards pretty clean of discussion, but you can review my methodology, sources and assumptions." Note that these results speak only of fixed vulnerabilities; the author aims to include information on non-fixed problems and the time it takes to fix problems as well. You should also read this, by the way.
Permalink for comment 222031
To read all comments associated with this story, please click here.
To read all comments associated with this story, please click here.
Member since:
2005-07-26
* The results appear to be in Microsoft's favour, but since we do not yet know anything about unfixed vuln., it's impossible to call these results in favour of anything.
Don't we? Seems like there are places online that track these things, and those can be used to show "unfixed" vulnerabilities. Secunia, eeye, frsirt and others come to mind off the top of my head. Unpatched vulnerabilities are known. Just disregarded.
That makes this analysis rather incomplete. There should be consideration of unpatched issues. Days of Risk. Time to patch. Geez... This is a single metric being thrown out, then titled a "vulnerability" report, when it is really a "patches issued" report.