Welcome to TechNet Blogs Sign in | Join | Help

Browse by Tags

All Tags » Studies   (RSS)

Supplemental Data for Calculating Mozilla Patching Speed

A couple of days ago, Secunia published their Secunia 2008 Report , and one of their tables garnered quite a bit of attention with respect to Mozilla patching quickly: Brian Krebs , Washington Post, Fanning the Flames of the Browser Security Wars Brian Read More...
Posted Monday, March 09, 2009 10:34 PM by jrjones | 3 Comments

Feb09 Security Bulletin SDL Benefit Summary

Summaries from previous months: Jan09 Security Bulletin SDL Benefit Summary When I do analysis and reports on Microsoft products, I typically look for where the Security Development Lifecycle (SDL) has helped to provide improvement and provide some stats Read More...
Posted Wednesday, February 11, 2009 12:24 PM by jrjones | 2 Comments

CIO.COM: Mozilla and “Counting Still Easy…”

[DISCLOSURE for those who don’t read about boxes: I work for Microsoft.] I admit that I enjoy discussing issues and digging into claims to see if I can find fractures or flaws in logic. When I ran product management teams for companies in previous roles, Read More...
Posted Thursday, February 05, 2009 7:03 PM by jrjones | 1 Comments

Brian Krebs Blog on ‘at Risk’ Chart Methodology

I am a couple of articles into my series: Can Mozilla Support Claims of Firefox Being the Most Secure Web Browser? , and Can Mozilla Support Claims of Firefox Being the Most Secure Web Browser? (Part 2) In part 2, I probed Mozilla’s usage of an ‘at risk’ Read More...
Posted Friday, January 30, 2009 6:57 PM by jrjones | 1 Comments

CIO.COM: Can Mozilla Support Their Security Claims?

Mozilla bills Firefox as the most secure Web browser on the planet, but is it really? Follow along with this series and see if the claims hold up to close scrutiny. Today, I started a multi-part article series on cio.com (Security landing page: http://www.cio.com/topic/1419/Security Read More...
Posted Thursday, January 15, 2009 12:24 AM by jrjones | 28 Comments

SIRV5 Vulnerability Trends Webcast - 2 of 2 - Microsoft Trends

With the recent release of v5 of the Security Intelligence Report, I decided to produce a couple of webcast videos where I present my findings to you directly in a brief presentation. In this second one, I go over the vulnerability disclosure trends for Read More...
Posted Tuesday, November 18, 2008 4:34 PM by jrjones | 1 Comments

SIRv5 Vulnerability Trends Webcast - 1 of 2 - Industry Trends

With the recent release of v5 of the Security Intelligence Report, I decided to produce a couple of webcast videos where I present my findings to you directly in a brief presentation. In this first one, I go over the industry-wide trends.   1H08 Read More...
Posted Thursday, November 06, 2008 9:36 PM by jrjones | 1 Comments

Security Intelligence Report v5

This morning, we released the latest version of the Microsoft Security Intelligence Report (SIRv5), examining industry-wide software vulnerability disclosures, Microsoft vulnerability disclosures and exploits, malicious software (malware), and potentially Read More...
Posted Monday, November 03, 2008 11:29 PM by jrjones | 1 Comments

Download: H1 2008 Desktop OS Vendor Report - Vulnerabilities and Days-of-Risk

This report looks at all of the vulnerabilities fixed by Apple, Microsoft, Red Hat and Ubuntu during the first half of 2008. At the vendor level, the report examines all vulnerabilities as well as Days of Risk (DoR) associated with those vulnerabilities. Read More...
Posted Monday, October 27, 2008 8:00 AM by jrjones | 10 Comments
Attachment(s): 1H08-desktop-vuln-report.pdf

Download: Server Core Potential Security Benefit

With Windows Server 2008, the Microsoft Windows Server team introduced a new installation option –Server Core. Server Core is a “minimal install” option of Windows Server that excludes much of the GUI and many applications – such as Internet Explorer Read More...
Posted Thursday, June 12, 2008 5:16 PM by jrjones | 11 Comments
Attachment(s): svr-core-security.pdf

Q1 2008 - Client OS Vulnerability Scorecard

This paper is a compilation of vulnerability data for client operating systems for the first 3 month, January through March, of 2008. Vulnerabilities and fixes for the following products are discussed: Microsoft Windows Vista Microsoft Windows XP SP2 Read More...
Posted Thursday, May 15, 2008 12:04 AM by jrjones | 39 Comments
Attachment(s): q108-client-scorecard.pdf

Windows Vista vs Windows XP SP2 Vulnerability Report 2007

In the wake of my Windows Vista One Year Vulnerability Report , I have received many questions regarding the current vulnerability record of Windows Vista as compares with Windows XP SP2. This short paper is a compilation of vulnerability data for Microsoft Read More...
Posted Wednesday, May 14, 2008 11:50 PM by jrjones | 9 Comments
Attachment(s): 2007-vista-vs-xp.pdf

Mac OS X Security - Reality Check #1

UPDATE: A colleague sent me a link to the source paper that the article discusses: http://www.techzoom.net/papers/blackhat_0day_patch_2008.pdf . As anyone who reads my blog knows, I like to shine a light on areas of common security misperceptions. I am Read More...
Posted Thursday, March 27, 2008 10:32 PM by jrjones | 2 Comments

SQL Server - Fact Checking Recent Vulnerability History

UPDATE: The story that originally got my attention has been updated in all of the places I could still find it yesterday, so I'm pulling my references to the story and just focusing on the positive story of SQL Security improvement. Jeff Last week a web-based Read More...
Posted Wednesday, March 05, 2008 10:53 PM by jrjones | 14 Comments

Download: Internet Explorer and Firefox Vulnerability Analysis

Summary: For most people, their web browser is central to their interaction with the Internet, connecting to global web sites and helping them consume online services providing everything from booking flights to banking services to online shopping. This Read More...
Posted Friday, November 30, 2007 4:01 PM by jrjones | 24 Comments
Attachment(s): ie-firefox-vuln-analysis.pdf
More Posts Next page »
 
Page view tracker