Linked by Thom Holwerda on Tue 21st Aug 2007 18:19 UTC, submitted by SEJeff
Privacy, Security, Encryption Jeff Jones has published another one of his vulnerability scorecards comparing various operating system offerings. As always, these figures just list the patched vulnerabilities over the designated period of time; they do not take into account any unfixed or undisclosed vulnerabilities. Hence, these reports are not proper measurements of security - they are just that, a tally of fixed vulnerabilities. Any conclusions like "x is more secure than y" cannot be drawn from this data set. As always, do with it as you please.
Permalink for comment 264876
To read all comments associated with this story, please click here.
Only fixed?
by signals on Tue 21st Aug 2007 22:10 UTC
signals
Member since:
2005-07-08

Maybe one of the vendors on his list should just stop patching their system for a while. Even though they would probably have quite a few massive, public, unplugged security holes, they would show up with 0 vulnerabilities in his graphs.

To the casual observer, the vendor who doesn't patch any security problems would look to be the most secure.

If there's anything you can take away from reading this guy's blog, it's that Microsoft hasn't patched as many problems as the other vendors. You can't say they didn't have as many, just that they didn't fix as many.

Reply Score: 3