Windows Vista is not the only example of Microsoft managing to slash the number of vulnerabilities in half. The same is the case with Office 2007. David LeBlanc, a senior software development engineer at Microsoft, offered internal statistics from Microsoft on a range of Office editions, taking into consideration CVE entries and bulletin count from 9/18/2007 to 11/17/2008. “While we did a lot of good work to try and make Office 2003 more secure than previous versions, against the attacks we’re seeing in 2007, it wasn’t any better than Office XP,” LeBlanc stated.
The CVE count for Office 2007 SP1 was of just 16 items in approximately one year, while that for the RTM version of the system was of 19. In fact, Office 2003 SP3 and Office 2007 RTM were almost on a par in this regard. However, for releases preceding Office 2003 SP3, the CVE count was almost double. LeBlanc stated that Microsoft was committed to continuing to improve security for the Office System with the next release, namely SP2 for Office 2007.