Saw this on Slashdot originally, but the Washington Post is reporting that it's taking Microsoft 25% longer (now ~135 days) to get critical patches out the door. This number falls to ~45 days (from 71 days in 2003 and 55 days in 2004) when dealing with fully disclosed issues.

The company also seems to have done a better job convincing security researchers to give it time to develop a patch before going public with their vulnerability findings. In 2003, Microsoft learned of at least eight critical Windows vulnerabilities through full disclosure. Last year, this happened half as many times.

It looks like Microsoft is taking more time to verify and rigorously test the patches before they go out the door. When dealing with security, QA is not something that should be neglected, regardless of what the purported threat level may be. I don’t particularly have a problem with this, and I’m sure that if an issue were deemed (by whom?) of critical enough importance, resources could be allocated to significantly reduce that 45 days. In fact, we saw this happen earlier this year with MS patching a 0day exploit within 10 days.

The caveat of this post is that Windows is not actually my primary operating system. Sure, I’ve got a Windows partition on my laptop, but day to day, and for much of the past decade, I’ve been a Linux user. Unfortunately, it’s going to take more than security improvements to see me moving my development back to Windows.
