The criteria for this study's software list are as follows:
1) Runs on Microsoft Windows.
2) Is well-known in the consumer space and frequently downloaded by individuals.
3) Is not classified as malicious by enterprise IT organizations or security vendors.
4) Contains at least one critical vulnerability:
a. first reported in June 2006 or after,
b. registered in the U.S. National Institute of Standards and Technology's (NIST) official vulnerability database at http://nvd.nist.gov, and
c. with a severity rating of high (between 7.0-10.0) on the Common Vulnerability Scoring System (CVSS).
5) Relies on the end user, rather than a central administrator, to manually patch or upgrade the software to eliminate the vulnerability, if such a patch exists.
This list does not explicitly exclude ordinary home users; item 5 says their survey is oriented toward the end user rather than the computer administrator, which appears to include ordinary home users.
But then in the report's results it says:
The reason most Microsoft software doesn't make the list is because by now most companies have a pretty good process in place for identifying, patching, and fixing vulnerable Microsoft software. The same cannot be said for apps like Firefox, iTunes, and other packages.
So the report says that most Microsoft software is not on the list (such as IE, and Office Word, which had a 0-day in 2006) because most companies' policies include a good process that automatically patches Microsoft vulnerabilities, while there is no policy for patching problems in Firefox and the like. Why has the focus shifted back to the computer administrator?
This Bit9 survey very clearly excludes ordinary home users and considers only employees within companies.