Microsoft Better at Fixing Security Holes

Comparing all the Windows platforms that came out between June 1 of 2002 and May 31 of 2003 with all variants of Red Hat, MandrakeSoft, Debian and SUSE, Forrester has concluded that Microsoft is better at patching vulnerabilities than the Linux folk.

Microsoft averaged 25 days "at risk" (in other words, the number of days between a vulnerability becoming public and the first patch), while Red Hat and Debian tied for second place at 57 days and Mandrake dragged in at 82 days.

Microsoft also did a better job than Linux in the thoroughness of patching vulnerabilities. Red Hat was good for 99.6% and Debian for 96.2%.

However, Microsoft had more serious flaws than Red Hat or Debian. Sixty-seven percent of Redmond vulnerabilities were rated high severity compared to 56% for Red Hat and 57% for Debian.

Of course, numbers don't tell the whole story. A lot depends on a customer's alacrity in applying patches and the ease of deploying them. Forrester's analysis of the nine highest-profile Windows security incidents revealed that although Microsoft's patches predated the outbreaks by an average of 305 days, most firms had failed to apply the patches.

About Maureen O'Gara
Maureen O'Gara, the most read technology reporter for the past 20 years, is the Cloud Computing and Virtualization News Desk editor of SYS-CON Media. She is the publisher of the famous "Billygrams" and has been the editor-in-chief of "Client/Server News" for more than a decade. One of the most respected technology reporters in the business, Maureen can be reached by email at maureen(at)sys-con.com or paperboy(at)g2news.com, and by phone at 516 759-7025. Twitter: @MaureenOGara

Reader Feedback

It also depends on whether you rely on Red Hat or another distribution for your systems. For example, if you download and use OpenSSH directly, you can get patches quickly. It takes longer for that fix then to be put into the Red Hat system. So, it just goes to show you that when a corporation packages OSS, you get less than if you do OSS directly.



