Linked by Thom Holwerda on Fri 16th Mar 2007 17:02 UTC, submitted by Shawna McAlearney
Privacy, Security, Encryption
"Starting today, I plan on posting a monthly vulnerability scorecard for common server and workstation Operating System products. I'm going to keep these scorecards pretty clean of discussion, but you can review my methodology, sources and assumptions." Note that these results speak only of fixed vulnerabilities; the author aims to include information on non-fixed problems and the time it takes to fix problems as well. You should also read this, by the way.
Thread beginning with comment 222041
Remember
by stestagg on Fri 16th Mar 2007 21:34 UTC
stestagg Member since:
2006-06-03

It turns out that this guy is a Microsoft Employee.
I'm not saying that he's biased, but the fact that he didn't disclose the potential conflict of interest is interesting.

Reply Score: 5

RE: Remember
by n4cer on Fri 16th Mar 2007 23:51 in reply to "Remember"
n4cer Member since:
2005-07-06

> It turns out that this guy is a Microsoft Employee.
> I'm not saying that he's biased, but the fact that he didn't disclose the potential conflict of interest is interesting.

He did disclose it. OSNews even linked to the disclosure above:
http://blogs.csoonline.com/exactly_how_biased_am_i

Reply Parent Score: 2

RE[2]: Remember
by stestagg on Sat 17th Mar 2007 00:24 in reply to "RE: Remember"
stestagg Member since:
2006-06-03

No. He didn't disclose it in the context of that report. This is an important issue. 99% of people who will hit that report will read just that page, not all the other journal entries in his blog.

Even for people who visit OSNews, the summary has 4 different links; only about 5% of the people who read this story will actually get round to reading the pages behind all those links.

I am at least used to the industry, so when I see a supposedly impartial survey promote Windows for its security, I immediately think 'What is the affiliation of this guy'. In this case, I hunted around the page and eventually was proved correct by a link buried in the comments. What should have happened is that the first sentence of the report should have identified the author's link to MS, and then everyone would have ended up in a state of enlightenment. (e16?)

Reply Parent Score: 3