Fundamentally flawed statistics
Last week I reported that the X-Force numbers regarding unpatched disclosures could be sorted in a different way to yield a completely different view of the data. More interesting is a recent development: after the data was reassessed, many of the vulnerabilities had to be sorted into different categories. So the numbers were fundamentally incorrect as well.
The list changed a lot due to these changes: Sun went from 9% high+critical to 0%. IBM leads the pack with 29% high+critical vulnerabilities without patches. However, 22% for Oracle doesn't look that good either. You will find the updated list in the blog entry [URL="http://blogs.iss.net/archive/midyear2010chartupda.html"]"Mid-Year 2010 X-Force Trend and Risk Report - Update to Unpatched Vulnerabilities Chart"[/URL].