[PSNUG.org News] Apple not as secure as we thought...

Ross McKenzie rmcken at mac.com
Sat Mar 29 10:40:26 PDT 2008


 From the study:

We measure and compare the performance of the vulnerability handling
and patch development process of Microsoft and Apple to better
understand the security ecosystem. We introduce the 0-day patch rate
as a new metric; being the number of patches a vendor is able to
release at the day of the public disclosure of a new vulnerability.

Say you have 20 CVEs, and you patch 15 right away. But the last 5
languish for 6 months. The other company has 20 also, patched 10 right
away. But gets to the other 10 in 6 weeks. Which is "better"? The
window of vulnerability is much larger in the first case. I think the
study focused on 'zero-day patches' because it was easy to quantify.
Studies that I've seen that try to quantify the 'window of
vulnerability' were all fairly weak; it's a difficult question to
answer. An old statistical problem: counting what you can, not what
you need.

I can't argue with the sentiment that all the vendors need to work
harder on security. And I won't be giving up my Macs yet, nor my
Windows (except maybe Vista).

ross

On Mar 28, 2008, at 4:29 PM, Randy Grein wrote:

> http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9072498&source=NLT_SEC&nlid=38
>
> Disturbing news. I won't give up my Macs just yet, but Apple had
> better get on the stick.
> Randy Grein, Master CNE, CCNA
