Monday, October 02, 2006

...and break the cycle they did.

I was more than pleased to see Microsoft step out of the monthly patch cycle to release MS06-055. Hopefully, this rare event will reoccur as necessary.
Microsoft patch statistics continue to bode poorly for IE. According to the Symantec Internet Security Threat Report, Trends for January 06 - June 06, "Microsoft had the longest exposure-to-patch time in the browser industry...it took Microsoft an average of nine days to issue a bug fix, while Apple published a patch within five days, Opera within two days and Mozilla within one day." In my previous post, where I mentioned three days for Mozilla to patch, I was obviously overstated their average.
To be fair, MS is making strides on the OS front. Again, from Symantec's report, "Microsoft, however, leads the ranking in the operating system segment: The exposure time of a Windows security issue was 13 days; Sun had the longest patch release time with 89 days followed by HP with 53 days. Apple took an average of 37 days. Red Hat matched Microsoft's time of 13 days."
So, two up, one down for MS...better, getting better.

No comments:

Moving blog to HolisticInfoSec.io

toolsmith and HolisticInfoSec have moved. I've decided to consolidate all content on one platform, namely an R markdown blogdown sit...