A Time to Patch: Is Microsoft getting more nimble at fixing security problems?

A few months back while researching a Microsoft patch from way back in 2003, I began to wonder whether anyone had ever conducted a longitudinal study of Redmond's patch process to see whether the company was indeed getting more nimble at fixing security problems.

For many years, Microsoft has been criticized for taking too long to issue patches, especially when compared with patch releases for flaws found in operating systems or software applications maintained by the open source community, such as Linux or Mozilla's Firefox browser. But I wanted to find out for myself just how long Microsoft takes on average to issue fixes for known software flaws.

Finding no such comprehensive research, Security Fix set about digging through the publicly available data for each patch that Microsoft issued over the past three years that earned a "critical" rating. Microsoft considers a patch "critical" if it fixes a security hole that attackers could use to break into and take control over vulnerable Windows computers.

Security Fix - Brian Krebs on Computer and Internet Security (washingtonpost.com)

Linked by shanmuga Thursday, 12th January 2006 6:50AM