Welcome to TechNet Blogs Sign in | Join | Help

Browse by Tags

All Tags » Vulnerabilities   (RSS)

Security Intelligence Report v6

This morning, we released the latest version of the Microsoft Security Intelligence Report (SIRv6), examining industry-wide software vulnerability disclosures, Microsoft vulnerability disclosures and exploits, malicious software (malware), and potentially Read More...
Posted Wednesday, April 08, 2009 8:37 PM by jrjones | 1 Comments

Supplemental Data for Calculating Mozilla Patching Speed

A couple of days ago, Secunia published their Secunia 2008 Report , and one of their tables garnered quite a bit of attention with respect to Mozilla patching quickly: Brian Krebs , Washington Post, Fanning the Flames of the Browser Security Wars Brian Read More...
Posted Monday, March 09, 2009 10:34 PM by jrjones | 3 Comments

Perception: Case in Point

I love it when a good, real-life example falls right into your lap. As you know from my recent posts, I’ve been doing a series of articles probing Mozilla and Firefox security claims.  I think I’ve been pretty open about why, but I always seem to Read More...
Posted Thursday, February 05, 2009 8:38 PM by jrjones | 3 Comments

CIO.COM: Mozilla and “Counting Still Easy…”

[DISCLOSURE for those who don’t read about boxes: I work for Microsoft.] I admit that I enjoy discussing issues and digging into claims to see if I can find fractures or flaws in logic. When I ran product management teams for companies in previous roles, Read More...
Posted Thursday, February 05, 2009 7:03 PM by jrjones | 1 Comments

Brian Krebs Blog on ‘at Risk’ Chart Methodology

I am a couple of articles into my series: Can Mozilla Support Claims of Firefox Being the Most Secure Web Browser? , and Can Mozilla Support Claims of Firefox Being the Most Secure Web Browser? (Part 2) In part 2, I probed Mozilla’s usage of an ‘at risk’ Read More...
Posted Friday, January 30, 2009 6:57 PM by jrjones | 1 Comments

IEEE Security & Privacy: Estimating Software Vulnerabilities

I thought I had posted this link in the past, but it turns out I did not, so ... Last summer (2007), one of my papers was published in IEEE Security & Privacy, which describes a method for estimating the number of disclosed but unfixed vulnerabilities Read More...
Posted Tuesday, December 09, 2008 12:05 AM by jrjones | 2 Comments

SIRV5 Vulnerability Trends Webcast - 2 of 2 - Microsoft Trends

With the recent release of v5 of the Security Intelligence Report, I decided to produce a couple of webcast videos where I present my findings to you directly in a brief presentation. In this second one, I go over the vulnerability disclosure trends for Read More...
Posted Tuesday, November 18, 2008 4:34 PM by jrjones | 1 Comments

SIRv5 Vulnerability Trends Webcast - 1 of 2 - Industry Trends

With the recent release of v5 of the Security Intelligence Report, I decided to produce a couple of webcast videos where I present my findings to you directly in a brief presentation. In this first one, I go over the industry-wide trends.   1H08 Read More...
Posted Thursday, November 06, 2008 9:36 PM by jrjones | 1 Comments

Download: H1 2008 Desktop OS Vendor Report - Vulnerabilities and Days-of-Risk

This report looks at all of the vulnerabilities fixed by Apple, Microsoft, Red Hat and Ubuntu during the first half of 2008. At the vendor level, the report examines all vulnerabilities as well as Days of Risk (DoR) associated with those vulnerabilities. Read More...
Posted Monday, October 27, 2008 8:00 AM by jrjones | 10 Comments
Attachment(s): 1H08-desktop-vuln-report.pdf

Exploitability Index - More Information for Customers

Yesterday at Black Hat 2008, along with some other stuff , we announced that we will be adding some new information to Security Bulletins - an "Exploitability Index" for each of the vulnerabilities addressed by the bulletin. Based upon talking with Microsoft Read More...
Posted Wednesday, August 06, 2008 5:20 PM by jrjones | 1 Comments

Q1 2008 - Client OS Vulnerability Scorecard

This paper is a compilation of vulnerability data for client operating systems for the first 3 month, January through March, of 2008. Vulnerabilities and fixes for the following products are discussed: Microsoft Windows Vista Microsoft Windows XP SP2 Read More...
Posted Thursday, May 15, 2008 12:04 AM by jrjones | 38 Comments
Attachment(s): q108-client-scorecard.pdf

Windows Vista vs Windows XP SP2 Vulnerability Report 2007

In the wake of my Windows Vista One Year Vulnerability Report , I have received many questions regarding the current vulnerability record of Windows Vista as compares with Windows XP SP2. This short paper is a compilation of vulnerability data for Microsoft Read More...
Posted Wednesday, May 14, 2008 11:50 PM by jrjones | 9 Comments
Attachment(s): 2007-vista-vs-xp.pdf
 
Page view tracker