Windows Vista recently passed the 180 day mark since it was made available to business customers. Just as he did at the 90-day mark, Jeff Jones, a Microsoft Director from the Trustworthy Computing group and frequent blogger on security topics, has done a comparison of vulnerabilities discovered in Windows Vista versus other operating systems in their first 6 months of availability. Windows Vista holds up well in this comparison, showing a significantly improved vulnerability profile over its first 180 days of availability compared to Windows XP and the other operating systems that were examined. It’s interesting to note that Windows Vista is being subjected to a greater level of scrutiny than its predecessor, as tools used by security researchers have become significantly more sophisticated since Windows XP was released.
Of course, we’re always working harder to further reduce the number of vulnerabilities in our products. Windows Vista was our first client release to leverage the Security Development Lifecycle (SDL) throughout the entire development cycle. As new techniques for finding vulnerabilities are discovered, we make updates to the SDL which will be used in the development of future products. A good example of how that process works is in Michael Howard’s entry on the SDL blog.
Jeff’s “Windows Vista 6-month Vulnerability Report” is available here .
Source:→ Windows Vista Team BlogMicrosoft, Windows Vista, Vulnerability, Security