Security Fix spent the past several weeks compiling statistics on how long it took some of the major software vendors to issue patches for security flaws in their products. Since Windows is the most-used operating system in the world, it makes sense to lead off with data on Microsoft's security updates in 2006.
First, a note on the methodology behind this blog post: The data presented here builds on a project I began in late 2005 looking back on three years of efforts by Microsoft to address only the most severe security holes in its software. I conducted that same research again last month, individually contacting nearly all of the security researchers who submitted reports of critical flaws in Microsoft products to learn from them not only the dates that they had submitted their findings to the company, but also any other security trends or anomalies they observed in working with the world's largest software maker.
Several weeks prior to posting this information, I shared the data I had gathered with Microsoft. The officials I dealt with helpfully concurred or quibbled slightly with some of my findings, but the company raised no objections that would materially affect the results presented in this particular study of IE flaws. In fact, if you examine the links included in the vulnerability chart that accompanies this post, you can see for yourself how the data is supported by information posted on the Web over the past year.
Full article: http://blog.washingtonpost.com/securityfix/2007/01/internet_explorer_unsafe_for_2.html
First, a note on the methodology behind this blog post: The data presented here builds on a project I began in late 2005 looking back on three years of efforts by Microsoft to address only the most severe security holes in its software. I conducted that same research again last month, individually contacting nearly all of the security researchers who submitted reports of critical flaws in Microsoft products to learn from them not only the dates that they had submitted their findings to the company, but also any other security trends or anomalies they observed in working with the world's largest software maker.
Several weeks prior to posting this information, I shared the data I had gathered with Microsoft. The officials I dealt with helpfully concurred or quibbled slightly with some of my findings, but the company raised no objections that would materially affect the results presented in this particular study of IE flaws. In fact, if you examine the links included in the vulnerability chart that accompanies this post, you can see for yourself how the data is supported by information posted on the Web over the past year.
Full article: http://blog.washingtonpost.com/securityfix/2007/01/internet_explorer_unsafe_for_2.html
