MSFT closing price vs vulnerabilities

Microsoft vulnerabilities versus MSFT closing price

Have you ever wondered what keeps Microsoft afloat when just about everyone curses it and in spite of the fact that dozens of new vulnerabilities are discovered in Microsoft products every day? Instead of arguing with numerous theories explaining this phenomenon, we decided to conduct a very simple analysis. On a big scale, there are just two things that everyone talks about. Those topics are: the money Microsoft makes and the pain-in-the-ass bugs that Microsoft's plants by dozens in every line of their code. So we decided to compare the two and figure out once and for all how Microsoft's vulnerabilities affect Microsoft's wealth.

The graph below compares a 5-year worth of Microsoft vulnerabilities to the MSFT closing price. The vulnerability data is essentially a number of Security Bulletins that Microsoft released. First, we produced a graph using 1998-2005 quarterly data. MSFT price is shown in blue and the bulletin count is shown in red. The two curved lines are moving averages with the period of 5.

Surprise, surprise! The shape of the vulnerability graph is almost identical to the shape of the MSFT ticker. Also, since the vulnerability graph is delayed comparing to the MSFT graph, it is clear that the number of Microsoft vulnerabilities is a function of MSFT price.

Coincidence?

Not likely. One can say that quarterly data is not accurate enough to visualize this type of information. Ok. Let's take a different approach. Below is a graph that was compiled using monthly values (i.e. MSFT monthly average closing price and the number of MS Security Bulletins released within the same month). As you can see, it looks very much like the first one. SMA(10) lines depict exactly the same trends.

Conclusions

So, what can be told from looking at the graphs?

First of all, the number of vulnerabilities in Microsoft products seems to be in direct correlation with the stock price. This is hardly a surprise, and it is logical for a technology company - the more bugs you have in your software, in other words, the crappier your products are - the less you worth. Hey, wait a minute... The graphs show just THE OPPOSITE for Microsoft. The MSFT price rises when there are more vulnerabilities! Wow, that is surprising.

Secondly, since the vulnerability graph is a delayed reflection of the price, Microsoft bugs are function of the stock price! Take a more thorough look at the graphs and it becomes obvious that every Microsoft bug is a loving child of Microsoft! Why? Because the vulnerability graph is delayed by exactly 9 months!

Thirdly, both MSFT price and the vulnerability count are currently entering the ascending trend (see the quarterly graph). The vulnerability count was falling since 2002(72 bulletins) and went up in 2005. In 2005 Microsoft released more security bulletins(55) than in 2003(51), and 2004(45).

The last conclusion: Microsoft is producing vulnerabilities and possibly invests in them. The more money they have the more vulnerabilities are discovered in their products. Microsoft DEPENDS on the vulnerabilities. The day the last bug is patched in MS software is the day Microsoft goes bankrupt. So, stop complaining and stop insulting Microsoft! This is what they do, they work hard to do the best [bugs] they can, so they can stay on the market.