Microsoft vs. Apple: Who patches zero-day vulnerabilities faster? The Swiss chime in with an answer
So, the controversy is nothing new, and nearly as old as the as Apple 1984 commercial. I've posted previously at Mac and PC Security and noted that -- no matter what connected platform you use -- there's no immunity from security vulnerabilities. And there is certainly no shortage of news on Macintosh vs. Windows vulnerabilities.
This week it appears that the efforts to improve security over the last few years had paid a dividend: Computerworld notes the Swiss research that examines which company patches zero-day vulnerabilities faster. And the answer isn't likely to show up in an Apple ad any time soon...
Apple's teasing commercials that imply its software is safer than Microsoft's may not quite match the facts, according to new research revealed at the Black Hat conference on Thursday.
Researchers from the Swiss Federal Institute of Technology looked at how many times over the past six years the two vendors were able to have a patch available on the day a vulnerability became publicly known, which they call the 0day (zero-day) patch rate.
They analyzed 658 vulnerabilities affecting Microsoft products and 738 affecting Apple. They looked at only high- and medium-risk bugs, according to the classification used by the National Vulnerability Database, said Stefan Frei, one of the researchers involved in the study. [Click here for the paper in PDF format.]
What they found is that, contrary to popular belief that Apple makes more secure products, Apple lags behind in patching.
Frei is with the Computer Engineering and Networks Laboratory (TIK) at the Swiss Federal Institute of Technology, ETH Zurich. The paper is "0-Day Patch - Exposing Vendors (In)security Performance, 2008" in which the researchers look at the "0-day patch rate as a new metric to measure and compare the performance of the vulnerability handling and patch development processes of major software vendors."
I hear the Swiss are traditionally neutral. ;)
More at http://www.techzoom.net/risk/ and the Computerworld article at Microsoft vs. Apple: Who patches zero-days faster?