Decrease in Critical Issues and Bulletins

As far as individual issues, Critical-class CVEs accounted for less than a third of the issues we addressed in bulletin releases for the first time since we began our monthly bulletin-release cadence in 2004. And in absolute numbers, Critical-class CVEs are at their lowest levels since 2005. The fact that we're seeing lower percentages of Critical issues and bulletins year-over-year demonstrates progress made by the product groups in creating more secure software.

With this regularly scheduled monthly release, our bulletin count for 2011 is 99, with 13 released today. Of those, we determined 10 to be Important-class bulletins, with only three classified as Critical in severity. In 2011, Critical-class bulletins represented just 32 percent of all bulletins – the lowest percentage since we began our monthly bulletin-release cadence in 2004 and, again, the lowest absolute number since 2005. Interestingly, for the second half of the year the numbers are even lower, with under 20 percent of bulletins released in the last six months rated Critical in severity.

View the full article

Well Microsoft are now more using .NET which is easier to write more secure code because it uses CIL virtual machine, and C# does automatic garbage collection, etc.

Also Internet Explorer nowadays uses "Protected Mode" which is sandboxing.

I think Microsoft have gotten better at security lately.

...

I think Microsoft have gotten better at security lately.

I agree -- and that's why there has been a huge rise in malware in the last two years that targets everything else, particularly Adobe Flash, Adobe Reader, and Sun/Oracle Java (a.k.a Java run-time a.k.a Java JRE).

.

I am also glad that Microsoft made Microsoft Security Essentials (MSE).

I like MSE. I don't know how it compares to other antivirus software in terms of response time, false positives, speed, etc but it seems light and non-intrusive. It's simple, I like it.