More MS Patch Data
The data Security Fix released earlier this week showing Microsoft is taking roughly 50 percent more time to issue updates to correct "critical" security holes in Windows have generated an enormous response, most of it positive. Some folks even appear to have been inspired to tweak and/or combine the data in ways I hadn't considered.
Dan Geer, the security expert who is giving the keynote address at the ShmooCon 2006 hacker conference that starts today in Washington, sent a nice note this morning, along with his own interpretation of the time-to-patch data:
Geer's graph shows that Microsoft increased its time-to-patch gap by a little more than one day per month from the start of 2003 to the end of 2005.
A Dominic White left a comment on the blog today pointing to his blog, where he claims that there are a few errors here and there in the graphs. He may be right: I must have looked at those graphs more than a hundred times each, and that's always the kiss of death, it seems. At any rate, I fully expected someone would write in to correct me on something.
Readers: if you find any inconsistencies in the data, please let me know where in graphs you found the error and I will verify it and amend the graphs if needed. At the end of his post, White acknowledges that even accounting for the problems he says he found, his time-to-patch numbers weren't off by more than a day from ours.
Oh, and a shortened version of the original time-to-patch blog post will be included in the Business section of Sunday's Washington Post newspaper.
Posted by: Simon X | January 13, 2006 10:35 AM | Report abuse
Posted by: Matt | January 13, 2006 11:59 AM | Report abuse
Posted by: AXAF | January 13, 2006 1:56 PM | Report abuse
Posted by: Matt | January 14, 2006 1:16 AM | Report abuse
Posted by: Dominic White | January 14, 2006 1:55 PM | Report abuse
Posted by: Dave Katz | January 17, 2006 11:53 AM | Report abuse
Posted by: Hospedagem de Sites | August 6, 2006 7:56 PM | Report abuse
The comments to this entry are closed.