Today is a big day for Microsoft's Trustworthy Computing team! It's the release of the Windows Vista One Year Vulnerability Report composed by my good friend and teammate, Jeff Jones. First let me just put to rest any kind of "of course it's favorable...it's written by Microsoft" kinda stuff that I know several people reading are saying to themselves right now. If he was just some shill for Microsoft....would he be a blogger for CSO Magazine?
Let me tell you a little about my experience with Jeff Jones and his research. Jeff Jones' methodology is sound. (Read that again.....out loud.) When I first came to this team in 2006, I was one of the first people to say, "Who's going to believe this, Jeff? You work for Microsoft.....of course it's favorable." Jeff quickly sat me down and explained that he would gladly put his data up against anyone who wanted to contest his research methods and findings. He's also quick to point out where Microsoft falls behind. Here's another "little known fact" about Mr. Jones. Jeff is one of the loudest voices inside Microsoft about our vulnerability reporting. It's Jeff who will storm into a VP's office and say that we should err on the side of being MORE critical of our security accounting. Jeff Jones' integrity is above reproach.*
Read the guide and get the facts. Quit listening to what the fear mongers are telling you. Read it and come to your own conclusions. Microsoft software is not perfect......no software is....but I think you'll agree that Microsoft is absolutely on the right track.
(P.S. If you enjoyed this....then you'll also enjoy the Microsoft Security Intelligence Report, which is chock-full of data points as to what is really going on out there!)
*Jeff Jones is, however, not without his faults....he spends far too little time playing World of Warcraft, instead choosing to be a slightly above average Texas Hold'Em player and Media Center geek. That is, unto itself....a sad commentary.
UPDATE: Read what Jesper Johansson has to say on it. Jesper has a Ph.D. so he has also taken the data and come to some conclusions. Interesting.