RE: Hotmail & Passport (.NET Accounts)

["Ed Carp" <erc () pobox com>]

> > I sure hope that
> > folk won't be sucked into bogus "MS released fewer IE patches last
> > year" claims based solely on the year-on-year comparison of the
> > number of patch releases (as indicated by security bulletin count).
>
> Most vendors and even open source software projects roll up security
> fixes, usually when issues are classed as minor or if several severe
> issues can be announced and fixed at the same time.  To know how many
> issues get rolled up you need to be able to count issues or
> vulnerabilities and that can be quite subjective.  However we can
> normalise on CVE data to get useful statistics:

Counting vulnerabilities is a ridiculous way of assessing security!  Common
sense should tell you that, an no explanation is needed for this very
obvious fact.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html