I was more than pleased to see Microsoft step out of the monthly patch cycle to release MS06-055. Hopefully, this rare event will reoccur as necessary.
Microsoft patch statistics continue to bode poorly for IE. According to the Symantec Internet Security Threat Report, Trends for January 06 - June 06, "Microsoft had the longest exposure-to-patch time in the browser industry...it took Microsoft an average of nine days to issue a bug fix, while Apple published a patch within five days, Opera within two days and Mozilla within one day." In my previous post, where I mentioned three days for Mozilla to patch, I was obviously overstated their average.
To be fair, MS is making strides on the OS front. Again, from Symantec's report, "Microsoft, however, leads the ranking in the operating system segment: The exposure time of a Windows security issue was 13 days; Sun had the longest patch release time with 89 days followed by HP with 53 days. Apple took an average of 37 days. Red Hat matched Microsoft's time of 13 days."
So, two up, one down for MS...better, getting better.
Russ McRee's HolisticInfoSec™ includes articles and research, as well as feedback and an occasional rant. HolisticInfoSec™ promotes standards, simplicity, tooling and efficiency in achieving holistic information security.
Monday, October 02, 2006
Subscribe to:
Posts (Atom)
-
Continuing where we left off in The HELK vs APTSimulator - Part 1 , I will focus our attention on additional, useful HELK features to ... -
As you weigh how best to improve your organization's digital forensics and incident response (DFIR) capabilities heading into 2017, cons...
-
Ladies and gentlemen, for our main attraction, I give you...The HELK vs APTSimulator, in a Death Battle! The late, great Randy "Macho...
