Microsoft's average response time to security flaws
Sat, 2006.01.14 - 05:28 — müzso
I've found an article about Microsoft's responsiveness (MTTR) to security flaws in their products. Here's the point:
"[Washington Post] In cases where Microsoft learned of a flaw in its products through full disclosure, the company has indeed gotten speedier. In 2003, it took an average of 71 days to release a fix for one of these flaws. In 2004 that time frame decreased to 55 days, and in 2005 shrank further to 46 days."
It seems the best MS has to offer (in case a security flaw is made public) is 46 days regarding critical flaws (critical -> Microsoft considers a patch "critical" if it fixes a security hole that attackers could use to break into and take control over vulnerable Windows computers). I'm not a security expert myself, but if my company would allow such a shameful MTTR, we would definitely fall out of business pretty soon.
This report has an important message to the average Window user too: never trust in your PC being secured just because you have every patch installed that MS has ever released for your operating system! At any given time your PC has most probably more than one critical and published vulnerability that has not yet been fixed.
So if you ever heard from a professional that a personal firewall and an anti-virus are the minimal protection required for a PC ... do not doubt on that one.
It doesn't even cost you any money since there're lots of free products available in both categories.
"[Washington Post] In cases where Microsoft learned of a flaw in its products through full disclosure, the company has indeed gotten speedier. In 2003, it took an average of 71 days to release a fix for one of these flaws. In 2004 that time frame decreased to 55 days, and in 2005 shrank further to 46 days."
It seems the best MS has to offer (in case a security flaw is made public) is 46 days regarding critical flaws (critical -> Microsoft considers a patch "critical" if it fixes a security hole that attackers could use to break into and take control over vulnerable Windows computers). I'm not a security expert myself, but if my company would allow such a shameful MTTR, we would definitely fall out of business pretty soon.
This report has an important message to the average Window user too: never trust in your PC being secured just because you have every patch installed that MS has ever released for your operating system! At any given time your PC has most probably more than one critical and published vulnerability that has not yet been fixed.
So if you ever heard from a professional that a personal firewall and an anti-virus are the minimal protection required for a PC ... do not doubt on that one.
It doesn't even cost you any money since there're lots of free products available in both categories.
All of my own contents here (if not noted otherwise) are licensed under the
Creative Commons Attribution-NonCommercial-ShareAlike 4.0 License. My posts reflect my personal opinion and shall not be associated with any of my employers.
Creative Commons Attribution-NonCommercial-ShareAlike 4.0 License. My posts reflect my personal opinion and shall not be associated with any of my employers.
Recent comments
1 year 42 weeks ago
3 years 11 weeks ago
3 years 12 weeks ago
3 years 13 weeks ago
3 years 14 weeks ago
3 years 21 weeks ago
3 years 21 weeks ago
3 years 21 weeks ago
3 years 21 weeks ago
3 years 22 weeks ago