According to Forbes writer Andy Greenberg, IBM, in its own semi-annual X-Force 2010 Mid-Year Trend and Risk Report, effectively indicts itself as the enterprise that left the greatest number of unpatched vulnerabilities in its software. An early version of the report, later quietly revised and reissued, had cited Sun and Google as the two companies most guilty of leaving vulnerabilities unpatched, Greenberg notes.
The revision named Microsoft as having the worst record for patching flaws of all severity levels over the last six months, Greenberg writes. The revised report also concedes that it was IBM that left some 29% of its critical software flaws from the last six months unfixed, a higher share than any of the other nine companies measured. Oracle's numbers were only slightly better: the IBM document put Oracle's rate of leaving high-severity bugs unfixed at 22%.
In two blog posts, Joerg Moellenkamp addresses these shifting statistics: the first discusses the statistics themselves, and the second calls the figures fundamentally flawed statistics in its title.
In the latter post, Moellenkamp writes that "... many of the vulnerabilities had to be sorted into different categories. So the numbers were fundamentally incorrect as well."
Further observations on the revised report can be found in Tom Cross's blog.