Having published a Windows Vista vulnerability report after 90-days and six-months, I am sure it will come as no surprise to folks that I have been working on a one year analysis as well.One year is a much more interesting time frame, and gives us the opportunity to see if the early trend indicators are holding up, or if the early signs of progress were a short-term gain. Structurally, this report analyzes Windows Vista vulnerabilities and updates in the context of: Windows XP, its predecessor product Latest desktop products available for a full year from Red Hat, Ubuntu and Apple I want to give you a peek into the report, so I’ll show a few key charts highlighting WIndows Vista relative to its predecessor. To see the results relative to the other industry OS offerings, you’ll need to download the full report. First, here is the chart showing the full set of vulnerabilities (total disclosures and total fixed) for WIndows XP and Windows Vista during the first year of availability after they shipped. As a new view on the first year of products, I did analysis of how many days had one or more patches released for the product – I called these days “Patch Events.” Here is a weekly histogram for the Patch Events the first year after Windows XP was released.In contrast, Windows Vista administrators only dealt with nine patch events during the first year. The results of the analysis show that Windows Vista continues to show a trend of fewer vulnerabilities at the one year mark compared to its predecessor product Windows XP (which did not benefit from the SDL). If you are interested in how it did compared with Red Hat, Ubuntu and Apple Mac OS X, you’ll need to download the full report. If you share the opinion that Windows and applications ported to Windows get a higher level of researcher scrutiny than other OSes, then the 6-month results are even more positive. If you don’t share that opinion, then they still stand on their own …Read, Enjoy, Forward. Best regards ~ Jeff Full Disclosure: I work for Microsoft – read my thoughts on how that affects my analysis in Exactly how biased am I?. Related content opinion The Snake Oil Days of Internet Health By securityjones Sep 27, 2011 6 mins Business Continuity Data and Information Security opinion 5 Top Trends Redefining CSO Priorities By securityjones Aug 23, 2011 9 mins Identity Management Solutions Business Continuity Data and Information Security opinion Protecting the Supply Chain: The CSO Rides Shotgun By securityjones Aug 08, 2011 4 mins Business Continuity Data and Information Security Physical Security opinion Career Advice? One Word. Are You Listening? … Cybersecurity By securityjones Aug 03, 2011 3 mins Careers Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe