Skip to content

Microsoft Secure

Apples, Oranges and Vulnerability Metrics

NOTE:  I am not asserting that my vulnerability analysis demonstrates that Windows is more secure.  Rather, I frequently hear and read Linux advocates making unsupported assertions to the opposite that Linux is inherently more secure than Windows.  The “unsupported” part of that bothers me, so I check for myself.  What I keep finding is that...

Read more

Debian Site Hacked Again

Debian developers learned this morning that someone had hacked into one of the project servers (gluck), so the debian team took all of the servers offline to investigate, flatten and rebuild.  Here’s the message: http://lists.debian.org/debian-devel-announce/2006/07/msg00003.html Please note that you should not confuse this hack of the Open Source debian project with the one from November,...

Read more

FAQ (frequently asked questions) about Think Security Vulnerability Comparisons

This document will be updated as time goes on.  It is a repository for questions and answers related to analyses posted on my blog comparing vulnerability counts, days-of-risk and workload vulnerability indices for Windows and Linux distributions.  If you have more questions, post them as comments and I’ll update with an answer as appropriate. Best...

Read more

Windows Vista : Threat-driven Design combined with Security Quality Process

What is the difference between foundational security and security features? Name 3 security companies.  Who did you name?  Symantec?  Checkpoint?  RSA?  ISS? These companies all offer products that provide security features or capabilities.  What if Microsoft had no firewall?  What if we had no PKI and certificate services?  What if we had no plans for...

Read more