Welcome to TechNet Blogs Sign in | Join | Help

Browse by Tags

All Tags » Studies   (RSS)

Download: Server Core Potential Security Benefit

With Windows Server 2008, the Microsoft Windows Server team introduced a new installation option –Server Core. Server Core is a “minimal install” option of Windows Server that excludes much of the GUI and many applications – such as Internet Explorer Read More...
Posted Thursday, June 12, 2008 5:16 PM by jrjones | 10 Comments
Attachment(s): svr-core-security.pdf

Q1 2008 - Client OS Vulnerability Scorecard

This paper is a compilation of vulnerability data for client operating systems for the first 3 month, January through March, of 2008. Vulnerabilities and fixes for the following products are discussed: Microsoft Windows Vista Microsoft Windows XP SP2 Read More...
Posted Thursday, May 15, 2008 12:04 AM by jrjones | 27 Comments
Attachment(s): q108-client-scorecard.pdf

Windows Vista vs Windows XP SP2 Vulnerability Report 2007

In the wake of my Windows Vista One Year Vulnerability Report , I have received many questions regarding the current vulnerability record of Windows Vista as compares with Windows XP SP2. This short paper is a compilation of vulnerability data for Microsoft Read More...
Posted Wednesday, May 14, 2008 11:50 PM by jrjones | 8 Comments
Attachment(s): 2007-vista-vs-xp.pdf

Mac OS X Security - Reality Check #1

UPDATE: A colleague sent me a link to the source paper that the article discusses: http://www.techzoom.net/papers/blackhat_0day_patch_2008.pdf . As anyone who reads my blog knows, I like to shine a light on areas of common security misperceptions. I am Read More...
Posted Thursday, March 27, 2008 10:32 PM by jrjones | 2 Comments

SQL Server - Fact Checking Recent Vulnerability History

UPDATE: The story that originally got my attention has been updated in all of the places I could still find it yesterday, so I'm pulling my references to the story and just focusing on the positive story of SQL Security improvement. Jeff Last week a web-based Read More...
Posted Wednesday, March 05, 2008 10:53 PM by jrjones | 11 Comments

Download: Internet Explorer and Firefox Vulnerability Analysis

Summary: For most people, their web browser is central to their interaction with the Internet, connecting to global web sites and helping them consume online services providing everything from booking flights to banking services to online shopping. This Read More...
Posted Friday, November 30, 2007 4:01 PM by jrjones | 24 Comments
Attachment(s): ie-firefox-vuln-analysis.pdf

Severity Rating Systems - Part 1

Read the full Part 1 on CSOonline . Recently, Red Hat has raised some objections to my use in analysis of the High, Medium and Low severity ratings as determined by the National Institute of Standards (NIST) for the National Vulnerability Database (NVD) Read More...
Posted Friday, November 02, 2007 10:32 PM by jrjones | 0 Comments

Benefit of Security and Privacy Collaboration

This week, Microsoft Executives Ben Fathi and Scott Charney gave respective keynotes at RSA Europe (in London) and the IAPP (international association of privacy professionals) Academy 2007 . More details here . I was at RSA Europe and saw Ben give his Read More...
Posted Thursday, October 25, 2007 11:39 PM by jrjones | 1 Comments

Microsoft Security Intelligence Report - 1st Half 2007

The third volume of the Microsoft Security Intelligence Report (SIR) is now available for download at: www.microsoft.com/sir - this link will take you to a summary portal that has links to the downloadable document, upcoming webcasts about the SIR results, Read More...
Posted Tuesday, October 23, 2007 5:35 PM by jrjones | 1 Comments

Red Hat Enterprise Linux 4 Passes 1000 Vulnerabilities

A few weeks after my July OS Vulnerability Scorecard posting, I was amused to see a posting about it on truthhhappens.redhatmagazine.com (click to see the post). I can't even do it justice by paraphrasing, so here is the text: A Microsoft vulnerability Read More...
Posted Tuesday, October 16, 2007 6:23 PM by jrjones | 5 Comments

What if We Had Vuln-Free Software?

I was in a meeting with a large group of security professional today talking about SDL, reducing vulnerabilities, metrics, and so on - my normal topics - and we got into a really interesting discussion about which areas of focus can get the best practical Read More...
Posted Saturday, September 29, 2007 12:00 AM by jrjones | 1 Comments

July 2007 - Operating System Vulnerability Scorecard

Summer and work travel have really had an impact and I've missed a couple of months of scorecards, so last weekend, I decided to dig in and catch up to July. I hit a few road bumps: Sun changed their Security Alerts web site, making it a bit more challenging. Read More...
Posted Thursday, August 16, 2007 11:47 PM by jrjones | 12 Comments

Windows Vista - 6-Month Vulnerability Study

I was nudged by some colleagues this week, telling me that some folks may only be reading my technet blog, but that I hadn't been doing a great job of cross-posting some things. Six months is a much more interesting time frame than the previous Windows Read More...
Posted Saturday, June 30, 2007 1:34 PM by jrjones | 1 Comments

2006 Client OS Days of Risk

As a follow-up to my previous Days-of-risk in 2006 : Linux, Mac OS X, Solaris and Windows , where I compare Microsoft, Red Hat, Novell SUSE, Apple Mac OS X and Sun Solaris, I've also completed a look at the latest client products that were available for Read More...
Posted Monday, June 18, 2007 9:19 PM by jrjones | 1 Comments

2006 Days of Risk Comparison

Among the other metrics that I track, I also periodically look at days-of-risk, or the average amount of time that customers are exposed to public vulnerabilities before a vendor provides a patch. You can take a look at the full findings on Days-of-risk Read More...
Posted Friday, June 15, 2007 12:07 PM by jrjones | 2 Comments
More Posts Next page »
 
Page view tracker