Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Opens Access to Vulnerability Notifications

Posted by CowboyNeal on from the open-doors dept.

joseph schmo writes "Microsoft has announced that it will throw open the floodgates of vulnerability notifications for everyone who wants them. Previously, it was only offering early notifications to 'Premier and other 'representative' customers,' or those customers who would sign a Non-disclosure statement."

20 of 104 comments (clear)

  1. no posts and already /.'d by sf · · Score: 3, Funny

    A pre-emptive strike perhaps ?

  2. So? by Anonymous Coward · · Score: 5, Funny

    Just set a Slashdot RSS up? Does the same thing!

  3. Just finally? by Anonymous Coward · · Score: 3, Insightful

    About 5 years too late I think.

  4. I guess this is their way of saying... by AlexanderYoshi · · Score: 3, Funny

    I guess this is their way of saying... "We don't understand these things either!"

  5. It's a cool trick by Anonymous Coward · · Score: 3, Funny

    You still won't be able to learn about vurnerabilities due to overflooded mailbox.

  6. Slashdotted by PhrostyMcByte · · Score: 5, Informative

    It was probably talking about this.

  7. Self Discipline? by Amiga+Lover · · Score: 4, Insightful

    If this is indeed as open as it sounds, then it's a massive step forward. MS will be forcing itself not to become complacent and hide behind the obscurity of a vulnerability that may not be known, but instead will have to deal with the vulnerability in the correct way - fixing the thing.

    Whether it's actually this open, and whether they do end up fixing more problems because of it still has to be seen. Past behaviour has me cynical.

    1. Re:Self Discipline? by blowdart · · Score: 5, Insightful

      MS will be forcing itself not to become complacent and hide behind the obscurity of a vulnerability that may not be known, but instead will have to deal with the vulnerability in the correct way - fixing the thing.

      Hold on. By giving a summary of fixes coming up, thus indicating the fix is already there does not change anything, or do what you suggest. This is not full disclosure of unfixed problems.

      All that's happening is you'll get advanced summaries of what the monthly security updates will contain. They've already fixed it when this happens.

  8. Working links by DeadSea · · Score: 5, Informative

    Get your early warnings here:

    Microsoft Security Bulletin Advance Notification

    Another news story about it:

  9. They were just jealous by thewonderllama.com · · Score: 5, Funny

    BitTorrent traffic down to 33% of all internet traffic.... 28%... 22%... ~BS

    --
    Home of the EULA shirt
  10. Who cares? by sridev · · Score: 3, Interesting

    Was anyone really waiting for this to happen?

    I'm fine with the automatic Windows update!

    1. Re:Who cares? by julesh · · Score: 5, Interesting

      I'm fine with the automatic Windows update!

      That's what I thought until it stopped downloading patches for me without notification or error message (turns out I had failed to download an update that was labelled as non-critical which included a patch for BITS, which automatic update relies on, and it therefore stopped working... apply that patch and suddenly I had about two months' worth of critical updates coming down all at at once).

  11. Hmmm by pmc255 · · Score: 3, Funny

    Considering the high amount, this could be considered a new form of spam ;)

  12. That's Good... by gowen · · Score: 5, Funny

    ... because before I was having to use an unpatched backdoor in IIS in order to access the webpages detailing the latest vulnerabilities.

    --
    Athletic Scholarships to universities make as much sense as academic scholarships to sports teams.
  13. Well, not that interesting by dago · · Score: 4, Informative

    What they will do is pre-announce the forecoming security bulletings 3 days in advance, and without details.

    So, on saturdays, every 3 months, you'll get something like : Next tuesday, there will be 5 new vulnerabilities, 2 of them being critical.

    --
    #include "coucou.h"
  14. Re:Who The Hell Uses Microsoft Products Anymore? by Tim+C · · Score: 4, Insightful

    Expensive

    Compared to what? My PC cost ten times what I can buy XP Pro for. I've personally used software costing hundreds of thousands of pounds.

    buggy

    Show me a complex piece of software that doesn't suffer from bugs. Linux distributors and Apple also release buggy software (and no, pointing out that most of the software that comes with a Linux distro is written by third parties is not an excuse - the distributor has the source and chooses to include the app. They assume some responsibility for it)

    insecure

    Put it behind a firewall, keep it up to date with patches, and don't be an idiot about using it - just as you should be doing with any network-aware piece of software.

    Hasn't everyone moved on to OS X and Linux?

    Actuall, I've moved back to Windows having used Linux for a couple of years. No real complaints, it just doesn't run some software I need to use, and most of the things that bugged the shit out of me about Windows have been fixed. The right tool for the right job; in my case, that's currently Windows.

    --
    It's official. Most of you are morons.
  15. No real difference by dcam · · Score: 5, Insightful

    From the Article all this means that you get an extra 3 days notice before the monthly release of security bulletins. What is the point of that?

    The problem with the new MS regime of patching cycle is that they did not release information as it became available to them. Microsoft should release patches as soon as they are available, not on a monthly cycle. The current MS situation means that you arr vulernable for up to a month (if not more).

    Microsoft's initial assumtion that virus's & scripts are released only when the patch is release is largely flawed.

    --
    meh
  16. from the open-doors dept. by neko9 · · Score: 4, Funny

    more like form the open-doors-closed-windows dept.

  17. Re:Scripted Updates by pandrijeczko · · Score: 4, Informative

    PS. If you're new to shell-scripting or if you just want a collection of good useful scripts, you cannot IMHO do better than Wicked Cool Shell Scripts which has about 100 example scripts, a couple of which show how to do neat stuff with wget and the Lynx browser in command-line mode.

    --
    Gentoo Linux - another day, another USE flag.
  18. Linux costs 699.00!!! by 3.5+stripes · · Score: 3, Funny

    Those SCO guys were nice though, gave a me nice framable certificate.

    --


    He tried to kill me with a forklift!