Embedded Files
This page shows the result to estimate the unknown security weaknesses still present in a newly published specification.
From the following figure, we found that for each Release, SR-CRs have been continuously issued for several years. For example, Release 4 was frozen in 2001 but has been reported for various security flaws for 12 years. From Release 4 to 11, which are no longer receiving SR-CRs, they had been modified for 7 years on average after their specifications were frozen. So we have reason to believe that there still are many unveiled security weaknesses in Release 12 and after, and the effort to improve their security quality will last for a long time.
Fig: Number of SR-CRs reported over time after Releases have been frozen.
Fig: Number of SR-CRs reported over time after Releases have been frozen.
Page updated
Google Sites
Report abuse