Item: [link|http://story.news.yahoo.com/news?tmpl=story2&cid=77&ncid=738&e=10&u=/mc/20021108/tc_mc/microsoft_calls__foul__on_os_vulnerability_data|Microsoft calls 'foul' on vulnerability data], Paul Roberts, IDG News Service, Fri Nov 8, 8:16 AM ET (Yahoo News).

Microsoft objects to having [link|http://abcnews.go.com/sections/tech/FredMoody/moody000802.html|Fred Moody's double-counting bug-report methodology] applied to its own projects:

In an interview, Mike Nash, vice president of the security business unit at Microsoft said that he feels those numbers are misleading.

"Essentially what (mi2g) has done is look at a combination of vulnerabilities announced by vendors and new vulnerabilities reported by users," Nash said. "There's no way to determine if the same issue is counted multiple times, or if erroneous vulnerabilities are being reported."

Products with more customers, like Microsoft Windows, are bound to have more vulnerabilities reported under such a system regardless of whether those products are less or more secure than the competition, according to Nash.

So...Microsoft's security focus is aimed at reducing apparent vulnerabilities by challenging bug counts rather than fixing problems?

And for those with short memories, Fred Moody's "Linux Sux Redux" article is criticized and analyzed [link|http://twiki.iwethey.org/twiki/bin/view/Main/FUDMoodyLinuxSuxRedux|here at TWiKIWeThey].

I can't help but close with a quote from Moody's essay: "As Linux zealots are beginning to find out, it's a lot easier to masquerade as a better product than it is to go out and be one." Ben Greenbaum turned this around on Moody at the end of his [link|http://online.securityfocus.com/guest/2782|rebuttal]. I'll merely add: et tu, Microsoft.