Linked by Thom Holwerda on Fri 16th Mar 2007 17:02 UTC, submitted by Shawna McAlearney
Privacy, Security, Encryption

"Starting today, I plan on posting a monthly vulnerability scorecard for common server and workstation Operating System products. I'm going to keep these scorecards pretty clean of discussion, but you can review my methodology, sources and assumptions." Note that these results speak only of fixed vulnerabilities; the author aims to include information on non-fixed problems and the time it takes to fix problems as well. You should also read this, by the way.
Thread beginning with comment 222010
by sbergman27 on Fri 16th Mar 2007 19:30 UTC in reply to "RE: FUD FUD FUD FUD"

"""Can you PLEASE judge the article on its own merits?"""

Fair enough.

To his credit, he does address the disparity in included packages between Windows and Linux. But he does seem to perform a bit of voodoo by claiming that he could just click a few check boxes in the install and magically come up with an apples-to-apples comparison.

If you read his responses in the blog comments (yes, it's a blog!), it becomes apparent that he takes the rather bizarre view that only disclosed vulnerabilities are important. He also implies that most of the disclosed ones end up being fixed ones (and that the amount of time to release a fix is not significant), and so fixed vulnerabilities are all he really needs to take into account in his tallies. (Yes, it's another simple *tally*!)

Add to that the fact that he is a "Director of Strategy" for Microsoft*, and you have to admit that a reasonable person is well within his rights to start getting a bit suspicious.

*For those who subscribe to the view that MS treats security issues as PR problems rather than as technical problems, that would make him a "Director of PR Strategy", I suppose.

Edited 2007-03-16 19:39

Reply Parent Score: 5