29 Mar 07
2006 Operating System Vulnerability Summary →
Each operating system was scanned several times to determine risk at various stages of deployment. First, a vulnerability scan was performed during the installation phase of the operating system. While the operating environment present may not represent the binaries being installed, a successful attack during installation could subvert the operating system prior to its first boot. An second scan was made following the initial boot, to portray the default vulnerabilities in an “as shipped” condition. Additional scans were made on an as needed basis to demonstrate the weaknesses of vendor released patch versions.