Windows Vista Still Strong In Vulnerability Scorecards

Microsoft security blogger Jeff Jones has an updated vulnerability scorecard out that is designed to compare Windows Vista with other operating systems in terms of the overall number and severity of security vulnerabilities released. If you need a justification to move to Windows Vista, then security is a pretty compelling one, and this shows there is none better in that department this year.

 

Red Hat EL Desktop 5, which has only been out since March, has had a surprising number of vulnerabilities. You can see other breakdowns on his blog here and details on his methodology here.

Note: This report runs to July, so it doesn't reflect the recent August updates.


Posted Aug 16 2007, 08:17 PM by Josh Phillips

Comments

IJR wrote re: Windows Vista Still Strong In Vulnerability Scorecards
on 08-21-2007 3:09 PM

The scorecard is for vulnerabilities FIXED, not about how many vulnerabilities are present at a given time. So if I follow your argument, then fixing ZERO vulnerabilities will make an OS very strong in terms of security. What a silly comment.

IJR wrote re: Windows Vista Still Strong In Vulnerability Scorecards
on 08-21-2007 3:17 PM

I ask the author of this blog: is Windows 3.0 the most safe OS because MS has not released any vulnerability fix for the past 7+ years?

Josh Phillips wrote re: Windows Vista Still Strong In Vulnerability Scorecards
on 08-21-2007 9:04 PM

IJR,

Don't you think with all of the people that are constantly trying to exploit Windows Vista, far more than most operating systems, that having the fewest fixes is the most important stat to measure by? The reality is that millions of people are constantly trying to exploit it, so your logic only makes sense if Microsoft was ignoring vulnerabilities.

Simon wrote re: Windows Vista Still Strong In Vulnerability Scorecards
on 08-23-2007 11:05 AM

No, the methodology openly states this doesn't include any count of publicly disclosed vulnerabilities.

So all this shows is Microsoft fix fewer vulnerabilities. Without a count of how many vulnerabilities are discovered, the figure is pretty useless.

The figure implies Microsoft never fixes low priority vulnerabilities. Either that or the classification system is different. Either way there is nothing here to suggest that Microsoft software is more secure. It might be, but this scorecard suggests to me that Microsoft don't fix bugs, not that they have fewer bugs.

Josh Phillips wrote re: Windows Vista Still Strong In Vulnerability Scorecards
on 08-23-2007 11:48 AM

Any vulnerability that is publicly disclosed will logically, eventually, have a fix issued. The industry makes sure of that, no one gets a free ride on security and it is the same with any operating system. People make whole careers out of watching Microsoft.

The real question is how many do each have sitting on the table, right?

These numbers don't answer that, but if you assume that every publicly disclosed vulnerability will be a hotfix eventually and that societal pressures are the same for all operating systems, which leads to each having a similar fix rate/time, then it would be a wash, wouldn't it?
