Linked by Thom Holwerda on Mon 25th Jun 2007 20:40 UTC, submitted by anonymous
"I was somewhat surprised (but pleased) at the level of interest back when I published my Windows Vista - 90 Day Vulnerability Report. It was about the earliest span of time I thought might give us some indicators, and the indicators did look good. Six months is a much more interesting time frame, and gives us the opportunity to see if the early trend indicators are holding up, or if the early signs of progress were a short-term gain."
Thread beginning with comment 250491
To read all comments associated with this story, please click here.
To read all comments associated with this story, please click here.
RE: Finger in the air metric
by Cass on Tue 26th Jun 2007 00:08
in reply to "Finger in the air metric"
Member since:2006-03-17
Member since:
2005-07-06
One Windows-specific measure or metric of security is the number of worms sweeping the world's computers right now. In the earlier part of this decade, Windows-specific worms were rampant, even bringing parts of the 'net down. We haven't had such an attack in a long time, and that, IMHO a sign that Microsoft truly is learning and gettiing better. I call this the Finger in the Air metric.
As to comparing Windows with others, I have my doubts like the discussion above - what is a critical bug, what does patching it really mean (i.e. what if later on the patch turns out to have opened a new hole?), and when that's decided, I'd like to see the full list of bugs considered for a report, what their classification was and why.
As for which OS is the most secure, it's the one you know best. I have little experience in fully locking down Linux but can lock down Windows very well. Even if someone argues it takes more steps for me to secure Windows, the end result will still be better with Windows. Likewise for someone who knows Linux (or anything else) better.