Roger's Security Blog

As Chief Security Advisor of Microsoft EMEA - lets share interesting security information

Microsoft has the shortest Security Update Development cycle

Microsoft has the shortest Security Update Development cycle

  • Comments 1
  • Likes

Have you had a look at Symantec's latest Threat Report? It can be found here: http://www.symantec.com/content/de/de/about/downloads/PressCenter/ISTRXII_Main.pdf

I briefly read through it and one statement caught my eye:

Page 54: Of the five operating systems tracked in the first six months of 2007 (figure 18), Microsoft had the shortest average patch development time at 18 days, based on a sample set of 38 patched vulnerabilities. Of the 38 vulnerabilities, two affected third-party applications. This is lower than the average patch development time of 23 days in the second half of 2006 based on a sample set of 50 vulnerabilities, seven of which affected third-party applications.

This is a very motivating data point as this is one of the different things we have to be good at – besides making sure that we can reduce the number of vulnerabilities through processes like the Security Development Lifecycle. We proved the impact of SDL already:

See Jeff Jones' Windows Vista - 6 Month Vulnerability Report to get these details.

Roger

Comments
  • There is an interesting post over at blogs.technet.com

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment