The Bigger Picture
The number of updates for the many software distributions is less important to Hilf than the bigger picture, which shows that it is not just Microsoft software that has to be regularly patched and updated. Mark Cox, security response team leader at Linux vendor Red Hat, in Raleigh, N.C., said that one of the top reasons machines are ensnared by security exploits is that they dont get the latest security updates. "To protect users, a vendor needs to make security updates as easy and painless as possible across the entire application stack," he said."These sorts of statistics give customers a much better feeling for the risk and exposure theyll be taking when choosing a platform," Cox said. "We could reduce the number of advisories by batching issues into a single update every month or by not fixing those vulnerabilities rated as low severity, but that is actually detrimental and increases the risk to customers. Were not going to play the numbers game with our customers." Putting Integration to the Test Users can expect to see a lot more interoperability work between Microsoft and some of its open-source competitors over the next year, such as the agreement the company struck with JBoss Inc. in September. Users also can expect more participation by Microsoft in discovering interoperability problems earlier in its product cycle and providing fixes when issues arise. Microsoft and JBoss said they would focus on four key areas: Active Directory, Web services, management and SQL Server. Some partners, such as Centeris Corp. CEO Barry Crist, in Bellevue, Wash., agree that Microsoft is doing a better job of reaching out to the open-source community. "If you talk to the folks in Microsofts management tools group, they are under pressure from their customers to have cross-platform support," Crist said. "There may be other groups within Microsoft who may feel differently, but the folks we have talked to have been generally supportive." Microsoft has been working on interoperability across all its products. "Our goal for doing all of this is pretty simple: We want our customers to have the best experience with our software regardless of environment," Hilf said. "So we want to make sure, from an open-source software and Microsoft software perspective, that our customers are able to interoperate." Check out eWEEK.coms for Microsoft and Windows news, views and analysis.
Of 17 critical vulnerabilities identified last year, Red Hat made fixes for every one of them available to customers via the Red Hat Network within two days of the vulnerabilities being known to the publicwith 87 percent of the fixes being available the first day, Cox said.