Full Disclosure mailing list archives
Re: Hotmail & Passport (.NET Accounts)
From: Mark J Cox <mjc () redhat com>
Date: Mon, 12 May 2003 10:44:40 +0100 (BST)
I sure hope that folk won't be sucked into bogus "MS released fewer IE patches last year" claims based solely on the year-on-year comparison of the number of patch releases (as indicated by security bulletin count).
Most vendors and even open source software projects roll up security fixes, usually when issues are classed as minor or if several severe issues can be announced and fixed at the same time. To know how many issues get rolled up you need to be able to count issues or vulnerabilities and that can be quite subjective. However we can normalise on CVE data to get useful statistics: Looking at point releases of Apache 1.3 and Apache 2.0 that contained security fixes. Each release fixed on average 1.63 vulnerabilities (44% of releases fixed more than one issue, max 3 issues in one release). Looking at Red Hat advisories since Jan 2000-Apr 2002, each advisory for Red Hat Linux fixed on average 1.54 vulnerabilities (18% of advisories fixed more than one issue, max 11 issues in one advisory). Cheers, Mark -- Mark J Cox _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Hotmail & Passport (.NET Accounts) Vulnerability Muhammad Faisal Rauf Danka (May 07)
- Re: Hotmail & Passport (.NET Accounts) Vulnerability Michael J McCafferty (May 08)
- Re: Hotmail & Passport (.NET Accounts) Vulnerability adf--at--Code511.com (May 08)
- Re: Hotmail & Passport (.NET Accounts) Darren Reed (May 09)
- Re: Hotmail & Passport (.NET Accounts) Ron DuFresne (May 09)
- Re: Hotmail & Passport (.NET Accounts) adf--at--Code511.com (May 09)
- Re: Hotmail & Passport (.NET Accounts) Nick FitzGerald (May 09)
- Re: Hotmail & Passport (.NET Accounts) Georgi Guninski (May 10)
- Re: Hotmail & Passport (.NET Accounts) Nick FitzGerald (May 10)
- Re: Hotmail & Passport (.NET Accounts) Mark J Cox (May 12)
- RE: Hotmail & Passport (.NET Accounts) Ed Carp (May 12)
- Re: Hotmail & Passport (.NET Accounts) Vulnerability adf--at--Code511.com (May 08)
- Re: Hotmail & Passport (.NET Accounts) Vulnerability Michael J McCafferty (May 08)
- <Possible follow-ups>
- RE: Hotmail & Passport (.NET Accounts) Vulnerability Christopher F. Herot (May 07)
- RE: Hotmail & Passport (.NET Accounts) Vulnerability Marc Slemko (May 07)
- Re: Hotmail & Passport (.NET Accounts) Vulnerability Byrne Ghavalas (May 08)
- Re: Hotmail & Passport (.NET Accounts) Vulnerability Suryanto (May 07)
- Re: Hotmail & Passport (.NET Accounts) Vulnerability Wayne Chang (Pacific Northwest Software) (May 08)
- RE: Hotmail & Passport (.NET Accounts) Vulnerability Marc Slemko (May 07)