Microsoft Security Blog

The official Microsoft blog for discussing industry and Microsoft security topics.

December, 2008

  • IEEE Security & Privacy: Estimating Software Vulnerabilities

    I thought I had posted this link in the past, but it turns out I did not, so ... Last summer (2007), one of my papers was published in IEEE Security & Privacy, which describes a method for estimating the number of disclosed but unfixed vulnerabilities in some version of software utilizing publicly available data. The citation reference is: Jeffrey R. Jones, "Estimating Software Vulnerabilities," IEEE Security & Privacy , vol. 5, no. 4, 2007, pp. 28-32. IEEE kindly made the paper...