Microsoft Security Blog

The official Microsoft blog for discussing industry and Microsoft security topics.

February, 2009

  • Firefox in 2008 – No Single Version Available for The Full Year?

    I’ve been busy doing analysis for the next article in my cio.com Firefox series of articles, looking at vulnerability disclosures during 2007 and 2008 and I stumbled upon a little factoid that I had not previously noticed – no single version of Firefox was available for the full year of 2008. In retrospect, I should have known this would happen, given the Mozilla policy of supporting the predecessor version for 6 months after a new release. Here is what the timeline looks like: In my interactions...
  • Feb09 Security Bulletin SDL Benefit Summary

    Summaries from previous months: Jan09 Security Bulletin SDL Benefit Summary. When I do analysis and reports on Microsoft products, I typically look for where the Security Development Lifecycle (SDL) has helped to provide improvement and provide some stats on that. This year, I decided to try and do this monthly to make it easier for me than when I do it all at once. This report is my attempt to capture and share that information. I hope you find it useful. February Summary: First, here...
  • Perception: Case in Point

    I love it when a good, real-life example falls right into your lap. As you know from my recent posts, I’ve been doing a series of articles probing Mozilla and Firefox security claims. I think I’ve been pretty open about why, but I always seem to get pushback around the idea that there might be some false perceptions out there that I want to push back on. Well, yesterday, Ed Burnette posted a blog entry on his ZDnet blog titled “Firefox 3.0.6 fixes 69 bugs, some critical”. This is of course...
  • CIO.COM: Mozilla and “Counting Still Easy…”

    [DISCLOSURE for those who don’t read about boxes: I work for Microsoft.] I admit that I enjoy discussing issues and digging into claims to see if I can find fractures or flaws in logic. When I ran product management teams for companies in previous roles, I would always review our draft product glossies and papers and generate a lot of red ink, providing feedback like “we can’t make this claim, we have no evidence to support it.” There are some countries where that is a particular concern (though...