Linked by Thom Holwerda on Thu 10th Apr 2008 21:38 UTC, submitted by SReilly
Privacy, Security, Encryption

"Symantec's comprehensive security report on the malware industry from July 1 to December 31, 2007, is now available in its 100+ page glory. Symantec broke down information on patch development time by operating system and by the type of vulnerability encountered. Surprisingly, Microsoft had the shortest time-to-patch over both halves of 2007. In the first part of the year, Microsoft released 38 patches (two of which involved third-party applications) with an average deployment time of 18 days. From July to December, Microsoft released 22 patches with an average patch time of six days. Red Hat came in second, at 32 days for the second half of the year and 36 days in the first half. That's quite a bit higher than Microsoft's average, but of the 227 vulnerabilities Red Hat patched in 2007, 226 of them involved third-party applications. Apple, Sun, and HP all lag well behind Microsoft and Red Hat, though the gap for each company differs significantly between the first and second halves of last year."
Who cares?
by Frobozz on Fri 11th Apr 2008 06:54 UTC

The fact that Microsoft releases their patches faster doesn't necessarily mean that Microsoft's products are more secure. Just look at the difference when not counting third-party. If Microsoft was able to patch 36 times more than Red Hat, think about how many more flaws exist compared to Red Hat (and ultimately Linux).

Also, as mentioned in previous comments, check out the difference in employee count. According to Wikipedia, as of 2007, Microsoft has 79,000 employees compared to Red Hat's 2,200. Fascinatingly enough, the difference is almost exactly 36 times.

Edited 2008-04-11 06:57 UTC