"Internet Explorer Unsafe for 284 Days in 2006"

The title is taken from a post of the same name over at the Washington Post's Security Fix blog. This is an extension of the similar statistics about patch times for IE and FF in 2005 which I had mentioned previously in the WMF article, but which is worth another look. The important part of the article is the chart showing the breakdown of when vulnerabilities were released to when they were patched.

One reason I really like the title, however, is because 284 is actually showing a best case period of vulnerability. It shows how long you would be vulnerable if you always patch exactly when it comes out. However, since we know that normal users and even normal companies do not patch exactly when patches are released we know that for most people who use IE were vulnerable for much longer.