Windows Vista – 6-Month Vulnerability Study

I was nudged by some colleagues this week, telling me that some folks may only be reading my TechNet blog, but that I hadn’t been doing a great job of cross-posting some things.

Six months is a much more interesting time frame than the previous Windows Vista – 90 Day Vulnerability Report, and gives us the opportunity to see if the early trend indicators are holding up.  Also, I thought it was worth going a little deeper in the analysis to look at the total fixed and unfixed vulns as I did last time, plus these additional views:

  • Include a comparison view of Linux distribution workstation builds that exclude vulnerabilities in non-default optional components as well as OpenOffice and other applications that do not have equivalents on Windows XP,
  • Include a comparison view that excludes Low and Medium severities to just focus on High severity vulnerabilities fixed and unfixed in the first 6 months, and
  • A comparison view that combines both of these.

For the full details, or to print the report, you can download the report as a PDF.

Interestingly, I got slashdotted (verb) twice for this report:

The latter “spin” by Slashdot gave me a chuckle, given the practical details of the issues, but I’ve come to expect it.

About the Author
Jeff Jones

Principal Cybersecurity Strategist

Jeff Jones is a 27-year security industry professional who has spent the last decade at Microsoft working with enterprise CSOs and Microsoft's internal teams to drive practical and measurable security improvements into Microsoft products and services. Additionally, Jeff analyzes vulnerability trends