Slashdot Mirror


More Than Half of Known Vista Bugs are Unpatched

MsManhattan writes "Microsoft security executive Jeff Jones has disclosed that in the first six months of Vista's release, the company has patched fewer than half of the operating system's known bugs. Microsoft has fixed only 12 of 27 reported Vista vulnerabilities whereas it patched 36 of 39 known bugs in Windows XP in the first six months following its release. Jones says that's because "Windows Vista continues to show a trend of fewer total and fewer high-severity vulnerabilities at the six month mark compared to ... Windows XP," but he did not address the 15 unpatched flaws."

3 of 257 comments

  1. In Other Words by camperdave · Score: 5, Insightful

    Jones says that's because "Windows Vista continues to show a trend of fewer total and fewer high-severity vulnerabilities at the six month mark compared to ... Windows XP,"

    So, they're not fixing the bugs because Vista is less buggy than XP? Whatever happened to fixing it because it was broken?

    --
    When our name is on the back of your car, we're behind you all the way!
  2. Re:Why would you ever..... by ThinkFr33ly · Score: 5, Insightful

    Well, they didn't.

    If you RTFA, you'll see that Vista's unpatched vulnerabilities are not considered "critical" because, thanks to Vista's improved security model, they are virtually impossible to exploit.

    Slashdot actually managed to spin a highly positive analysis of Vista into something that suggests Vista is not only worse than XP, but Microsoft is somehow going out of its way *not* to fix it.

    Gotta love it. Slashdot is the GOP of technology news sites.

  3. Re:Why would you ever..... by ThinkFr33ly · Score: 4, Insightful

    And I think you'll see that thanks to my new and improved door lock, the fact that I leave my windows unlatched is not a critical security issue.

    What a completely nonsensical and inaccurate comparison. Microsoft's Secure Development Lifecycle has almost certainly dramatically improved the quality of their code. This report, plus 3rd party counts of vulnerabilities, support this conclusion.

    But no matter how good your code is, things will be missed. That's the point of having things like Address Space Layout Randomization, IE 7 Protected Mode, Session 0 Isolation, and the dozens of other security layers that Microsoft added to Vista.

    Furthermore, being rated non-critical can often mean that it requires significant user action (like turning off multiple security features) in order to make a user vulnerable.

    What's next, are you going to blame Microsoft when a user smacks their motherboard with a hammer?

    The fact of the matter is, that at least so far, Vista is proving to be the most secure OS on the market. (Aside from perhaps OpenBSD, of course. :) If you have data that suggests otherwise, then provide it.

    Otherwise, keep your silly analogies to yourself.