Microsoft Blames the Messengers

Roger writes: "In an essay published on microsoft.com, Scott Culp, Manager of the Microsoft Security Response Center, calls on security experts to "end information anarchy" and stop releasing sample code that exploits security holes in Windows and other operating systems. "It's high time the security community stopped providing the blueprints for building these weapons," Culp writes in the essay. "And it's high time that computer users insisted that the security community live up to its obligation to protect them." See the story on Cnet News.com."

Security Watchdogs' Obligation

[victim]

The security watchdogs of the net have no obligation to me. I am glad they do their tasks, but the owe me nothing.

My software providers have an obligation to provide me with secure software or none at all. I commend both Debian and Apple for responding to their occasional security problems in a timely manner.

In the olden days when watchdogs did not release sample code some software providers downplayed their flaws as theoretical problems. If the software providers had been responsive to security flaws, there would be no need for sample code.