Windows Vista One Year Vulnerability Report

Paul Thurrott

April 17, 2008


Microsoft takes a look back at the security implications of Vista's first year on the market:

This paper analyzes the vulnerability disclosures and security updates for the first year of Windows Vista and looks at it in the context of its predecessor, Windows XP, along with other modern workstation operating systems Red Hat, Ubuntu and Apple products.

Summary

Windows Vista shipped to business customers on the last day of November 2006, so the end of November 2007 marks the one year anniversary for supported production use of the product. This paper analyzes the vulnerability disclosures and security updates for the first year of Windows Vista and looks at it in the context of its predecessor, Windows XP, along with other modern workstation operating systems Red Hat, Ubuntu and Apple products. The results of the analysis show that Windows Vista has an improved security vulnerability profile over its predecessor. Analysis of security updates also shows that Microsoft improvements to the security update process and development process have reduced the impact of security updates to Windows administrators significantly compared to its predecessor, Windows XP.

Note that this report is an update to the previously published Windows Vista 90-Day Vulnerability Report and Windows Vista 6-Month Vulnerability Report. However, since one year is a more informative time frame, this report contains the results of a deeper level of analysis.

Download the report in PDF format

So I'll break the suspense and note that, as expected, Windows Vista performed amazingly well compared to both its predecessor (XP) and the competition. You should read the entire report, of course. But I think this table says it all. (I added color for emphasis.)

| Metric | Windows Vista (year 1) | Windows XP (year 1) | Red Hat RHEL4WS (year 1) | Ubuntu 6.06 LTS Reduced (year 1) | Mac OS X 10.4 (year 1) |
|---|---|---|---|---|---|
| Vulnerabilities Fixed | 36 | 65 | 360 | 224 | 116 |
| Security Updates | 17 | 30 | 125 | 80 | 17 |
| Patch Events | 9 | 26 | 64 | 65 | 17 |
| Weeks with at least One Patch Event | 9 | 25 | 44 | 39 | 15 |

About the Author

Paul Thurrott

Paul Thurrott is senior technical analyst for Windows IT Pro. He writes the SuperSite for Windows, a weekly editorial for Windows IT Pro UPDATE, and a daily Windows news and information newsletter called WinInfo Daily UPDATE.
