Shostack + Friends Blog Archive


Microsoft Security Intelligence Report V4

Microsoft Security Intelligence Report (July – December 2007)

This volume of the SIR focuses on the second half of the 2007 calendar year (from July through December) and builds upon the data published in the previously released volumes of the SIR. Using data derived from several hundred million Windows users, and some of the busiest online services on the Internet, this report provides an in-depth perspective on trends in software vulnerability disclosures as well as trends in the malicious and potentially unwanted software landscape, and an update on trends in software vulnerability exploits. The scope of this fourth volume of the report has been expanded to include a focus on privacy and breach notifications, and a look at Microsoft’s work supporting law enforcement agencies worldwide in the fight against cyber criminals. [Emphasis added.]

Emergent Chaos readers are unlikely to learn new details in the analysis. What’s important to me is that this helps to establish a new normal baseline around the way we’re using information that’s disclosed and gathered by folks like Attrition.