Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft or Apple - Who Is the Faster Patcher?

Posted by ryuzaki0 on from the go-speed-patcher-gooo dept.

Amy Bennett writes "And the answer is... Microsoft. Researchers from the Swiss Federal Institute of Technology analyzed 658 high-risk and medium-risk vulnerabilities affecting Microsoft products and 738 affecting Apple. They measured how many times over the past six years the two vendors were able to have a patch available on the day a vulnerability became publicly known, which they call the 0-day patch rate. What they found: 'Apple was below 20 [unpatched vulnerabilities at disclosure] consistently before 2005,' said Stefan Frei, one of the researchers involved in the study. 'Since then, they are very often above. So if you have Apple and compare it to Microsoft, the number of unpatched vulnerabilities are higher at Apple.'"

5 of 252 comments (clear)

  1. Re:Apple's shortcomings by truthsearch · · Score: 4, Informative

    Apple tells you what's fixed with every security update. Here's the document for the most recent: http://support.apple.com/kb/HT1249.

    It's specific enough for me, listing every application / library, impact, and description.

    --
    Developers: We can use your help.
  2. Re:Well, duh... by Anonymous Coward · · Score: 5, Informative
    That's exactly right. Microsoft batch their updates once a month. Apple do it less regularly and less frequently, and they are frequently *unbelievably* slow to patch issues in the Free software they ship that's also in Linux or BSD distributions (trust me, I track this stuff for my employer.) God only knows how bad they are about patches in their own code. They didn't even manage to fix a typo in the Safari / win32 port EULA right first time.

    Personally as a certified Free software I'm rubbing my hands & looking forward to the Linux types who've switched for, basically, teh shiny. It's Freedom that counts folks, not features or functions or shiney... Freedom.

  3. meh by wizardforce · · Score: 3, Informative

    They measured how many times over the past six years the two vendors were able to have a patch available on the day a vulnerability became publicly known, which they call the 0-day patch rate
    yaah and how many security flaws have been sitting un-patched for months, years even at microsoft? let us take a look at how many security holes remain un-patched shall we?
    --
    Sigs are too short to say anything truly profound so read the above post instead.
  4. Where's the Beef? by 99BottlesOfBeerInMyF · · Score: 3, Informative

    So this is an article that doesn't give any answers to the question it poses and references a study presented at blackhat, but which has not yet been published and in fact whose presentation is not even online yet.

    Can't we at least wait until we have some sort of data to discuss before embarking on half-assed arguments about how relevant the data is and if the methodology is credible?

  5. Here's a link to the original research paper by sidney · · Score: 3, Informative
    There is of course a lot more information in the actual research paper.

    That link is to a browser view of the PDF at pdfmenot.com which caches the actual PDF, so the poor researcher's personal web site doesn't get hit too hard. You could download the original PDF from there if you really want to.