Linked by Thom Holwerda on Fri 16th Mar 2007 17:02 UTC, submitted by Shawna McAlearney
Privacy, Security, Encryption

"Starting today, I plan on posting a monthly vulnerability scorecard for common server and workstation Operating System products. I'm going to keep these scorecards pretty clean of discussion, but you can review my methodology, sources and assumptions." Note that these results speak only of fixed vulnerabilities; the author aims to include information on non-fixed problems and the time it takes to fix problems as well. You should also read this, by the way.
RE: Bring it on!
by leos on Fri 16th Mar 2007 18:18 UTC in reply to "Bring it on!"

Indeed, the Vista score is a bit misleading to say the least. Vista wasn't released to the general public at all during the period he is examining. And no competent business will have deployed Vista anywhere but in testing in that period either. So it is quite natural that it has had no fixes.

However, it is not biased to not include pre-SP2 XP. SP2 has been out for years, and everyone at all concerned with security should be running it by now. Just like he didn't include old versions of Linux in his comparison.

Then again, these numbers don't mean much if you keep your systems up to date. I will be very interested to see his data on non-fixed problems and time to fix. Much more relevant to determining security than fixed issues.

Another addition that would help the credibility of this piece is a detailed view where the vulnerabilities are listed, broken down by component.

Edited 2007-03-16 18:23

Score: 5