14 DAY TRIAL // Even at one year after Windows Vista has hit the shelves, Microsoft is still beating the old drum of the most secure Windows platform to date. In fact, one of the main aspects of the Windows Vista $500 million Wow advertising campaign was a strong focus on security. Vista is the first Microsoft product to be completely developed under the Secure Development Lifecycle, a comprehensive collection of best practices, methods and models for building bulletproof software. While the SDL does by no means ensure that Vista is flawless, it was in fact meant to reduce not only the volume of vulnerabilities, but also the maximum severity rating of the flaws that get through.
At the end of Vista's first year on the market, Jeff Jones, Security Strategy Director in Microsoft's Trustworthy Computing group, has put together a report that looks as both the latest Windows operating system, as well as its predecessor - comparing vulnerabilities in the two platforms. Jones is essentially comparing one spring chicken to another, as he took into consideration the two products in their first respective year of availability, namely 2002 for XP and 2007 for Vista.
"Windows Vista, the successor to Windows XP, released to business users on November 30, 2006. Since the release of Windows XP in 2001, the Microsoft approach to security has gone through some significant changes. In January 2002, only a few months after the release of Windows XP, Microsoft launched their Trustworthy Computing initiative and began to revise their entire product development process with the goal of long-term, ongoing, security improvement for customers," Jones stated.
The conclusion at which Jones came is by no means surprising. Vista had fewer vulnerabilities in its first year on the market compared to XP. While of course this vulnerabilities counting game is by no means an accurate reflection of security, it is an indicator of the fact that the risk mitigation can be easily performed on the latest Windows client, compared with its predecessor.
"Microsoft released 17 Security Bulletins and corresponding patches in the first year affecting components of Windows Vista, [and] fixed a total of 36 vulnerabilities," Jones added. "Microsoft released 30 Security Bulletins and corresponding patches affecting Windows XP in the first year of availability, [fixing] a total of 65 vulnerabilities."
