"I was somewhat surprised (but pleased) at the level of interest back when I published my Windows Vista - 90 Day Vulnerability Report. It was about the earliest span of time I thought might give us some indicators, and the indicators did look good. Six months is a much more interesting time frame, and gives us the opportunity to see if the early trend indicators are holding up, or if the early signs of progress were a short-term gain."
To read all comments associated with this story, please click here.
Member since:2005-07-06
"Even the full report doesn't include these, only a more extensive analysis of the numbers which he provides and which, in the absence of references, we have to take on trust."
Given how far up the food chain he is over at MS (executive level) I'm willing to take what he says as fact, lest he bring on a serious PR nightmare for MS's security division.
The PDF is where the real meat is for anyone who hasn't read through it yet.
Member since:2005-07-06
As I said, I read the PDF, the info I mention is not there.
I'm not saying I suspect the report is intentionally misleading or in bad faith, I don't believe that. I'd just like to take a look at what the patched and unpatched issues for each product are and see if the overall report is an accurate reflection of the actual security profile in each case.
Edited 2007-06-25 21:41
Member since:
2005-07-06
I wish he'd provide a full list of the actual issues in some independent tracking system somewhere. Even the full report doesn't include these, only a more extensive analysis of the numbers which he provides and which, in the absence of references, we have to take on trust. Due to this, the report is basically impossible to verify without duplicating all his work.