External News

Browse by Tags

• Apple
• Black Hat
• Commentary
• Cool
• Database
• Firefox
• IE
• Linux
• Mac OS X
• Microsoft
• Novell
• NVD
• Open Source
• Oracle
• People
• privacy
• Red Hat
• RSAConference
• SDL
• Security Bulletins
• Security Intelligence Report
• SecurityGuy
• SIR
• SQL Server
• SuSE
• Symantec
• TechEd
• UAC
• Ubuntu
• Vista
• Vulnerabilities
• Vulns
• Windows
• Windows Server
• Windows vs Linux
• Windows XP SP2

• SIRV5 Vulnerability Trends Webcast - 2 of 2 - Microsoft Trends

  With the recent release of v5 of the Security Intelligence Report, I decided to produce a couple of webcast videos where I present my findings to you directly in a brief presentation. In this second one, I go over the vulnerability disclosure trends for... Posted Nov 18 2008, 10:34 AM by TechNet Blogs Filed under: Security, Studies, Security Intelligence Report, Vulnerabilities, Vulns, SecurityGuy, SIR

• SIRv5 Vulnerability Trends Webcast - 1 of 2 - Industry Trends

  With the recent release of v5 of the Security Intelligence Report, I decided to produce a couple of webcast videos where I present my findings to you directly in a brief presentation. In this first one, I go over the industry-wide trends.   1H08... Posted Nov 06 2008, 03:36 PM by TechNet Blogs Filed under: Security, Studies, Security Intelligence Report, Vulnerabilities, Vulns, SecurityGuy, SIR

• Security Intelligence Report v5

  This morning, we released the latest version of the Microsoft Security Intelligence Report (SIRv5), examining industry-wide software vulnerability disclosures, Microsoft vulnerability disclosures and exploits, malicious software (malware), and potentially... Posted Nov 03 2008, 05:29 PM by TechNet Blogs Filed under: Security, Microsoft, Studies, Security Intelligence Report

• Download: H1 2008 Desktop OS Vendor Report - Vulnerabilities and Days-of-Risk

  This report looks at all of the vulnerabilities fixed by Apple, Microsoft, Red Hat and Ubuntu during the first half of 2008. At the vendor level, the report examines all vulnerabilities as well as Days of Risk (DoR) associated with those vulnerabilities... Posted Oct 27 2008, 02:00 AM by TechNet Blogs Filed under: Security, Vista, Windows, Microsoft, Apple, Studies, Mac OS X, Windows vs Linux, Open Source, Red Hat, Ubuntu, Windows XP SP2, Vulnerabilities, SDL, Vulns, NVD, Security Bulletins

• Download: Server Core Potential Security Benefit

  With Windows Server 2008, the Microsoft Windows Server team introduced a new installation option –Server Core. Server Core is a “minimal install” option of Windows Server that excludes much of the GUI and many applications – such as Internet Explorer... Posted Jun 12 2008, 11:16 AM by TechNet Blogs Filed under: Security, Windows, Microsoft, Windows Server, Studies, Cool, TechEd, Security Bulletins

• Q1 2008 - Client OS Vulnerability Scorecard

  This paper is a compilation of vulnerability data for client operating systems for the first 3 month, January through March, of 2008. Vulnerabilities and fixes for the following products are discussed: Microsoft Windows Vista Microsoft Windows XP SP2... Posted May 14 2008, 06:04 PM by TechNet Blogs Filed under: Security, Vista, Windows, Microsoft, Apple, Studies, Mac OS X, Windows vs Linux, Open Source, Linux, Red Hat, UAC, Ubuntu, Windows XP SP2, Vulnerabilities, Vulns, NVD

• Windows Vista vs Windows XP SP2 Vulnerability Report 2007

  In the wake of my Windows Vista One Year Vulnerability Report , I have received many questions regarding the current vulnerability record of Windows Vista as compares with Windows XP SP2. This short paper is a compilation of vulnerability data for Microsoft... Posted May 14 2008, 05:50 PM by TechNet Blogs Filed under: Security, Vista, Windows, Microsoft, Studies, UAC, Windows XP SP2, Vulnerabilities, Vulns

• Mac OS X Security - Reality Check #1

  As anyone who reads my blog knows, I like to shine a light on areas of common security misperceptions. I am even happier when others do it. I think Apple has really taken a playbook from Oracle (ie, "Unbreakable marketing") with respect to security in... Posted Mar 27 2008, 05:32 PM by TechNet Blogs Filed under: Security, Microsoft, Studies, Mac OS X, Black Hat

• SQL Server - Fact Checking Recent Vulnerability History

  Last week a web-based news story comes to my attention - Microsoft's glasnost on interoperability means more bugs . The article poses an interesting question of whether Microsoft's recent changes to expand interoperability will make it easier for researchers... Posted Mar 05 2008, 05:53 PM by TechNet Blogs Filed under: Security, Microsoft, SQL Server, Studies, Oracle, Database

• Download: Internet Explorer and Firefox Vulnerability Analysis

  Summary: For most people, their web browser is central to their interaction with the Internet, connecting to global web sites and helping them consume online services providing everything from booking flights to banking services to online shopping. This... Posted Nov 30 2007, 11:01 AM by TechNet Blogs Filed under: Security, Vista, IE, Microsoft, Studies, Windows vs Linux, Open Source, Firefox

• Severity Rating Systems - Part 1

  Read the full Part 1 on CSOonline . Recently, Red Hat has raised some objections to my use in analysis of the High, Medium and Low severity ratings as determined by the National Institute of Standards (NIST) for the National Vulnerability Database (NVD... Posted Nov 02 2007, 05:32 PM by TechNet Blogs Filed under: Security, Microsoft, Studies, Linux, Red Hat, Commentary

• Benefit of Security and Privacy Collaboration

  This week, Microsoft Executives Ben Fathi and Scott Charney gave respective keynotes at RSA Europe (in London) and the IAPP (international association of privacy professionals) Academy 2007 . More details here . I was at RSA Europe and saw Ben give his... Posted Oct 25 2007, 06:39 PM by TechNet Blogs Filed under: Security, Microsoft, Studies, privacy, RSAConference

• Microsoft Security Intelligence Report - 1st Half 2007

  The third volume of the Microsoft Security Intelligence Report (SIR) is now available for download at: www.microsoft.com/sir - this link will take you to a summary portal that has links to the downloadable document, upcoming webcasts about the SIR results... Posted Oct 23 2007, 12:35 PM by TechNet Blogs Filed under: Security, Vista, Windows, Microsoft, Studies

• Red Hat Enterprise Linux 4 Passes 1000 Vulnerabilities

  A few weeks after my July OS Vulnerability Scorecard posting, I was amused to see a posting about it on truthhhappens.redhatmagazine.com (click to see the post). I can't even do it justice by paraphrasing, so here is the text: A Microsoft vulnerability... Posted Oct 16 2007, 01:23 PM by TechNet Blogs Filed under: Security, Microsoft, Studies, Open Source, Linux, Red Hat, Commentary

• What if We Had Vuln-Free Software?

  I was in a meeting with a large group of security professional today talking about SDL, reducing vulnerabilities, metrics, and so on - my normal topics - and we got into a really interesting discussion about which areas of focus can get the best practical... Posted Sep 28 2007, 07:00 PM by TechNet Blogs Filed under: Security, Microsoft, Studies, Commentary

• July 2007 - Operating System Vulnerability Scorecard

  Summer and work travel have really had an impact and I've missed a couple of months of scorecards, so last weekend, I decided to dig in and catch up to July. I hit a few road bumps: Sun changed their Security Alerts web site, making it a bit more challenging... Posted Aug 16 2007, 06:47 PM by TechNet Blogs Filed under: Security, Vista, Windows, Microsoft, Studies, Mac OS X, Open Source, Linux, Ubuntu, SuSE

• 2006 Client OS Days of Risk

  As a follow-up to my previous Days-of-risk in 2006 : Linux, Mac OS X, Solaris and Windows , where I compare Microsoft, Red Hat, Novell SUSE, Apple Mac OS X and Sun Solaris, I've also completed a look at the latest client products that were available for... Posted Jun 18 2007, 04:19 PM by TechNet Blogs Filed under: Security, Windows, Microsoft, Studies, Mac OS X, Open Source, Linux, Red Hat, SuSE

• 2006 Days of Risk Comparison

  Among the other metrics that I track, I also periodically look at days-of-risk, or the average amount of time that customers are exposed to public vulnerabilities before a vendor provides a patch. You can take a look at the full findings on Days-of-risk... Posted Jun 15 2007, 07:07 AM by TechNet Blogs Filed under: Security, Windows, Microsoft, Studies, Windows vs Linux, Linux, Red Hat, SuSE

• Windows XP vs Windows Vista Security

  So, a couple of days ago, I happened upon the tantalizing headline of Review: Vista, XP Users Equally At Peril To Viruses, Exploits. What!? As you can imagine, the headline sucked me in and I had to read it. Frankly, the article as well as the scientific... Posted Jun 01 2007, 05:21 PM by TechNet Blogs Filed under: Security, Vista, Windows, Microsoft, Studies, Commentary

• Mr. Jones Goes to TechEd

  TechEd 2007 is coming next week and I am excited to have two sessions this year. If you sometimes find the information I post on the blog here interesting, then I think you'll enjoy these sessions. In any case, stop by and say hi. MONDAY - SEC208 - Jeff... Posted May 29 2007, 02:39 PM by TechNet Blogs Filed under: Security, Vista, Windows, Microsoft, Studies, Windows vs Linux, People, TechEd

• Background and Overview for Days-of-Risk

  I just published a Basic Guide to Days of Risk over on my CSO Magazine Blog , in preparation for a new quarterly days-of-risk study I'm going to start publishing. If you don't have a good understanding of the days-of-risk metrics, the post will give you... Posted May 18 2007, 06:52 PM by TechNet Blogs Filed under: Security, Windows, Microsoft, Studies, Windows vs Linux, Open Source, Linux, Red Hat

• March 2007 - Vuln Scorecard

  I just posted my March 2007 - Operating System Vulnerability Scorecard over on CSOOnline, which includes charts comparing the vulnerabilities in Windows, Red Hat Linux, Ubuntu, Novell, Sun, and Mac OS X, broken down by server and workstation. Here is... Posted Apr 05 2007, 04:01 PM by TechNet Blogs Filed under: Security, Vista, Windows, Microsoft, Studies, Mac OS X, Windows vs Linux, Open Source, Linux, Red Hat, Ubuntu, SuSE

• Just for Fun: Covering My Coverage

  Since published my Windows Vista - 90 Day Vulnerability Report , I have been reading a lot of the various commentary and generally, I take it with a grain of salt. Many of the comments indicate that the person didn't even read the report, which is fairly... Posted Mar 30 2007, 04:49 PM by TechNet Blogs Filed under: Security, Microsoft, Studies, Commentary

• Windows Vista 90 Day Vulnerability Analysis

  February 28 th marked 90 days that Windows Vista had been available to business customers. Has it been a good or a bad 90 days for security vulnerabilities? Dang, this is a sweet chart, but click here to read all the details and download the full report... Posted Mar 21 2007, 04:45 PM by TechNet Blogs Filed under: Security, Vista, Windows, Microsoft, Studies, Mac OS X, Windows vs Linux, Open Source, Linux, Red Hat, Symantec, Novell, SuSE

• January 2007 - Vuln Scorecard

  I just posted my January 2007 - Operating System Vulnerability Scorecard over on CSOOnline, which includes charts comparing the vulnerabilities in Windows, Red Hat Linux, Ubuntu, Sun, and Mac OS X, broken down by server and workstation. I do include the... Posted Feb 27 2007, 04:13 PM by TechNet Blogs Filed under: Security, Vista, Windows, Microsoft, Studies, Mac OS X, Windows vs Linux, Linux, Red Hat, Ubuntu