Jeff released another report: he is looking back at one year of Windows Vista. We had the discussion about the value of vulnerability comparison and I do not want to open another discussion thread about that. But as long as we hear that our products are less secure than others because we have sooo many vulnerabilities, these reports are important for us internally (we know where we stand) and externally to communicate our findings – and they are pretty interesting.
Have a look at the report: Windows Vista One Year Vulnerability Report
Last but not least it was interesting to see that readers of my blog are looking into these things as well: Vista logged fewer vulnerabilities in its first year than XP, Red Hat, Ubuntu, and Apple Mac OS X did in their first years
I would also like to mention that to make Windows Vista the standard OS across the business, many businesses would like to go through testing procedures for many of their production applications, which I think will take a while.
It may sound really strange to you, but it's true that I have seen many businesses have 3-5% of their network still running Windows 98. Vista has fewer vulnerabilities, which means less patch management.
I would really like to see businesses along with home users considering migrating to Windows Vista. Likewise, testing and making sure Windows Vista is stable with other applications they need is really very important, which I think will take a little while.
It is not new to me that there are a lot of companies still having part of their infrastructure on Windows 98 or even older OSs. This is very scary as these operating systems often do not get any security updates anymore but are completely unprotected in the network and very, very often are used as a starting point for a network intrusion.
When it comes to Vista and application compatibility, I think that there is a lot of fuss out there by people who have never run Vista yet. Yes, there are applications that might have problems, but most of them do due to some technology we implemented in Vista (like application virtualization).