• United States



Microsoft Security Intelligence Report 2H06

Apr 27, 20072 mins
Business ContinuityData and Information SecurityIT Leadership

This week at RSA Japan, Microsoft published its second Security Intelligence Report, covering the 2nd half of 2006.   Similar to the first document from last year, this one provides a lot of information about malware trends as observed by the internal Microsoft team from results of Windows Defender, the Malicious Software Removal Tool, OneCare and the Microsoft Exchange Hosted Filtering service.  All good stuff.

Additionally, Microsoft has added a vulnerability trends section to the document this time, and as one of the primary contributors, I want to promote it a bit.

You can download the full report here.

To entice you, here are a few of the highlight charts.

This first figure charts the growth of total vulnerabilities disclosed over the past 7 years, showing that over 40% more vulnerabilities were disclosed in 2006 than 2005 and that there were more vulnerabilities in each half-year of 2006 than in any year up through 2004.

This second figure charts the National Vulnerability Database’s ( assessment of whether each vulnerability is either “easy” or “complex” to exploit.  Note that there was a much higher percentage of complex to exploit issues disclosed in 2006, a sign of the growing maturity of the security research industry, IMO.

That’s just a peek, so if you find these interesting, you may want to download the full report.

Jeff Jones is a 24-year security industry professional that has spent the last several years at Microsoft helping drive security and privacy progress as part of the Trustworthy Computing group. In this role, Jeff draws upon his security experience to work with enterprise CSOs and Microsoft's internal security teams to drive practical and measurable security improvements into Microsoft process and products. Prior to Microsoft, Jeff was the vice president of product management for security products at Network Associates where his responsibilities included PGP, Gauntlet and Cybercop products, and several improvements in the McAfee product line. These latest positions cap a career focused on security, managing risk, building custom firewalls and being involved in Darpa security research projects while part of Trusted Information Systems. Jeff is a frequent global speaker and writer on security topics ranging from the very technical to more high level, CxO-focused topics such as Security TCO and metrics. Jeff is also a contributor the Microsoft Security Blog ( and writes on a wide range of personal interests (e.g. books, poker, gaming) at