Vmyths.com

Truth about computer security hysteria

Rob Rosenberger

It's obvious when you compare the two (part 2)

Rob Rosenberger, Vmyths co-founder
Thursday, 23 January 2003

[continued from part 1] CAN YOU NAME the one piece of software that needs more security patches than all other software on your computer, combined? The answer seems obvious when you compare these two companies:

| Name | Sophos | Microsoft |
|---|---|---|
| Primarily sells | "Sophos Anti-Virus" for various operating systems | operating system software, productivity software, game software |
| Total number of security patches issued in 2002 | at least 226, just for a single computer security product (source: Sophos email alerts) | 72, for all products combined (source: Scott Culp, former manager of Microsoft's Security Response Center) |
| 2002 batting average | 4.3 security patches per week just for a single computer security product | 3.0 security patches per month for all Microsoft products combined |

Ironically, you'll earn bad media coverage if your firm issues an occasional security patch for non-security products — yet you'll earn good media coverage if your firm issues a relentless stream of security patches for a security product. Go figure.

[continued in part 3]