Madrid, November 20, 2003 - Mike Nash, corporate VP at Microsoft, has spoken about the security activities developed by the company, which are summarized at [url=http://www.microsoft-watch.com/article2/0,0,1386854,00.asp?kc=MWRSS02129TX1K
0000535]Microsoft Watch
Mike Nash explained that Microsoft's security priorities focus on improving patches, offering better help, reducing vulnerabilities and increasing the
quality of its products in order to lessen the need for patches.
The analysis presented by the corporate VP in charge of Microsoft's Security Business Unit started with the improvements the company has made since it launched its Trustworthy Computing in January 2002. The initiatives launched have allowed the company to reduce the time it takes to release a patch for new vulnerabilities. Nash explained that Microsoft needed 331 days from the time the Code Red/Nimda worm was discovered until the patch for the vulnerability exploited by this malicious code was released. In the case of SQL Slammer, it took 180 days, for the Welchia worm, 151 days and for Blaster, Microsoft got a patch out in 25 days.
In relation to vulnerabilities, Mike Nash informed that in the first 90 days after Microsoft presented Windows Server 2000, the company discovered eight critical or important vulnerabilities in the operating system. However, during its first three months on the market, the number of vulnerabilities detected in Windows Server 2003 (considered a product of the Trustworthy
Computing initiative) dropped to three. Similarly, in the first 180 days following the release of Windows Server 2000 and Windows Server 2003, 21 critical/important vulnerabilities were detected in the first product, compared to six in the second. Nash also highlighted a reduction in the number of security bulletins issued for other products before and after the Trustworthy-Computing initiative, such as Exchange Server 2000 (from six bulletins to one) and SQL Server 2000 (from 11 to two).
http://www.pandasoftware.com

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic