Linked by Thom Holwerda on Fri 16th Mar 2007 17:02 UTC, submitted by Shawna McAlearney
Privacy, Security, Encryption

"Starting today, I plan on posting a monthly vulnerability scorecard for common server and workstation Operating System products. I'm going to keep these scorecards pretty clean of discussion, but you can review my methodology, sources and assumptions." Note that these results speak only of fixed vulnerabilities; the author aims to include information on non-fixed problems and the time it takes to fix problems as well. You should also read this, by the way.
Non-Uniform Vendor Reporting
by james_parker on Fri 16th Mar 2007 18:49 UTC

One point I've not yet seen made about this is that there is an implicit assumption that the sources of the raw data (each vendor's self-report of vulnerabilities) are comparable. Different methodologies by each vendor would render comparisons across vendors meaningless.

At this point I personally consider Secunia's reporting the benchmark to surpass, and this one flaw (among many) brings it far short.

Reply Score: 1