Saturday, April 15, 2006

On "Microsoft silently fixing security vulnerabilities"

A good question indeed:

[Dailydave] Microsoft silently fixes security vulnerabilities: "I also would like to point some interesting statistics: by browsing the list of MS security advisories released over the past 2 years, at least 75% of all vulnerabilities credit external security researchers for having discovered them. The remaining 25% are either anonymously reported vulnerabilities, or are discovered internally by Microsoft itself.

Do you guys believe that MS (a multi-billion dollar software company stating 'security is our priority number one') is only able to detect and publicly report less than 25% of the vulnerabilities in its products?"

Ideas? Discussion?

Dr Anton Chuvakin