Microsoft Security Blog

The official Microsoft blog for discussing industry and Microsoft security topics.

Browse by Tags

  • Blog Post: March 2007 - Vuln Scorecard

    I just posted my March 2007 - Operating System Vulnerability Scorecard over on CSOOnline, which includes charts comparing the vulnerabilities in Windows, Red Hat Linux, Ubuntu, Novell, Sun, and Mac OS X, broken down by server and workstation. Here is the workstation chart: I plan to update this...
  • Blog Post: February 2007 - Vuln Scorecard

    I just posted my February 2007 - Operating System Vulnerability Scorecard over on CSOOnline, which includes charts comparing the vulnerabilities in Windows, Red Hat Linux, Ubuntu, Novell, Sun, and Mac OS X, broken down by server and workstation. I do include the first 3 months of Windows Vista as...
  • Blog Post: 2006 Client OS Days of Risk

    As a follow-up to my previous Days-of-risk in 2006 : Linux, Mac OS X, Solaris and Windows , where I compare Microsoft, Red Hat, Novell SUSE, Apple Mac OS X and Sun Solaris, I've also completed a look at the latest client products that were available for the full year of 2006 (this means Novell NLD9 instead...
  • Blog Post: Windows Vista - 6-Month Vulnerability Study

    I was nudged by some colleagues this week, telling me that some folks may only be reading my technet blog, but that I hadn't been doing a great job of cross-posting some things. Six months is a much more interesting time frame than the previous Windows Vista - 90 Day Vulnerability Report , and gives...
  • Blog Post: July 2007 - Operating System Vulnerability Scorecard

    Summer and work travel have really had an impact and I've missed a couple of months of scorecards, so last weekend, I decided to dig in and catch up to July. I hit a few road bumps: Sun changed their Security Alerts web site, making it a bit more challenging. I gave up for now, but will try to add them...
  • Blog Post: Windows Vista 90 Day Vulnerability Analysis

    February 28 th marked 90 days that Windows Vista had been available to business customers. Has it been a good or a bad 90 days for security vulnerabilities? Dang, this is a sweet chart, but click here to read all the details and download the full report . Best regards ~ Jeff
  • Blog Post: 2006 Days of Risk Comparison

    Among the other metrics that I track, I also periodically look at days-of-risk, or the average amount of time that customers are exposed to public vulnerabilities before a vendor provides a patch. You can take a look at the full findings on Days-of-risk in 2006 : Linux, Mac OS X, Solaris and Windows...
  • Blog Post: Microsoft and Novell Linux Partnership

    I've gotten quite a few questions about what this partnership means, but I think the best response is to point people to Bill Hilf on Port25 . Bill is the GM for platform strategy and the original guy who got the Linux/OSS interoperability lab started at Microsoft and the person who...