Brian Krebs at the Washington Post's Security Fix blog wanted to put together some statistics on how long it took major software providers to fix vulnerabilities last year. He started with Microsoft, and found that Internet Explorer was vulnerable to critical flaws for a total of 284 days. That's more than 9 months.
In fact, there were at least 98 days when Microsoft had not issued a fix even though criminals were actively exploiting some of those flaws to grab personal data from Internet Explorer users.
Krebs says he ran his data by Microsoft before posting it on the blog, and that aside from some minor issues, the company didn't bring up anything that would change the overall finding.
By comparison, Firefox was vulnerable to a serious security threat for only one 9-day period last year. What's interesting is that for 2006, Opera 8 and Opera 9 didn't suffer from a single extremely critical vulnerability as classified by Secunia (although both did suffer a single highly critical vulnerability).
Be sure to go read today's post. Krebs takes a look at the number of security patches issued for Microsoft Office in 2006.