I was nudged by some colleagues this week, telling me that some folks may only be reading my TechNet blog, but that I hadn't been doing a great job of cross-posting some things.

Six months is a much more interesting time frame than the previous Windows Vista - 90 Day Vulnerability Report, and gives us the opportunity to see if the early trend indicators are holding up.  Also, I thought it was worth going a little deeper in the analysis to look at the total fixed and unfixed vulns as I did last time, plus these additional views:

  • Include a comparison view of Linux distribution workstation builds that exclude vulnerabilities in non-default optional components, as well as OpenOffice and other applications that do not have equivalents on Windows XP.
  • Include a comparison view that excludes Low and Medium severities to focus on just the High severity vulnerabilities fixed and unfixed in the first 6 months, and
  • A comparison view that combines both of these.

For the full details, or to print the report, you can download the report in pdf.

Interestingly, I got slashdotted (verb) twice for this report:

The latter "spin" by Slashdot gave me a chuckle, given the practical details of the issues, but I've come to expect it.