Microsoft has the shortest Security Update Development cycle

Have you had a look at Symantec's latest Threat Report? It can be found here: http://www.symantec.com/content/de/de/about/downloads/PressCenter/ISTRXII_Main.pdf

I briefly read through it and one statement caught my eye:

Page 54: Of the five operating systems tracked in the first six months of 2007 (figure 18), Microsoft had the shortest average patch development time at 18 days, based on a sample set of 38 patched vulnerabilities. Of the 38 vulnerabilities, two affected third-party applications. This is lower than the average patch development time of 23 days in the second half of 2006 based on a sample set of 50 vulnerabilities, seven of which affected third-party applications.

This is a very motivating data point as this is one of the different things we have to be good at – besides making sure that we can reduce the number of vulnerabilities through processes like the Security Development Lifecycle. We proved the impact of SDL already:

See Jeff Jones' Windows Vista - 6 Month Vulnerability Report to get these details.

Roger

Published 26 October 07 04:32 by rhalbh

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Comments

# Windows Vista News said on October 26, 2007 11:45 AM:

There is an interesting post over at blogs.technet.com

Leave a Comment

(required) 
(optional)
(required) 

  
Enter Code Here: Required

Search

This Blog

Chat directly with me if you want. Go to my About page to find a web messenger!

Visit ourPhoto Gallery

Locations of visitors to this page

Rogers Security Blog at Blogged Add to Technorati Favorites

Syndication

Page view tracker