03 December 2007

Will Microsoft Ever Learn This Trick Doesn't Work?

When you read this:

Perhaps more important than the overall numbers is the positive impact IE7 has made for our users. As you know, we focused a lot on improving security in IE7. We believe IE 7 is the safest Microsoft browser released to date. According to a vulnerability report published today, IE7 has fewer vulnerabilities than previous versions of IE over the same time period. What’s more, the report showed that IE7 had both fewer fixed and unfixed vulnerabilities in the first year than the other browsers we compared.

...you might not notice that the "vulnerability report" published at the imposing-sounding CSO site is written by a certain Jeff Jones, who, by an amazing coincidence:
is a Security Strategy Director in Microsoft’s Trustworthy Computing group.

So, Microsoft refers to a report that just happens to be written by one of its employees, but without mentioning that fact. Amazing how these things can just slip the mind, eh? (Via Mike Shaver.)


Nilotpal Chowdhury said...

You are right. In fact, I did an analysis of the risk-days of the three major browsers on the Windows browser, and found IE to be the least secure. However, it HAS made improvements in security in the past year.

Glyn Moody said...

And it should be commended for that. But muddying the waters as it is doing here will only detract from that achievement.