Slashdot Mirror
Microsoft to Offer Patches to U.S. Govt. First
Elitist_Phoenix writes "Reuters reports that 'Microsoft is to give the U.S. government priority in fixing security holes in Windows and other software, The Wall Street Journal reported on Friday. Under a plan to take effect later this year, Microsoft will give the U.S. Air Force versions of software 'patches' to fix serious security vulnerabilities up to a month before they are available to others.' Yet another attempt to fight off impending doom, by trying to keep the government away from open source?"
the patches screw up the systems, as has happened in the past?
Also, how would other governments see this? Would they accept being 'second-class customers', no different in Microsoft's eyes to the Average Joe?
I wonder how long it will be before someone creates a virus based on knowledge found in a patch that has only been released to the government.
If you were the Japanese government, would you want to know that the US were getting referential treatment?
If you were the Chinese government, would you want to know the US is getting free help from Microsoft to spy on you? Probably not.
If you were a concerned person living in another county who happens to find out about an exploit in Windows, would you want the US government getting a month-long head start on hacking/spying on the rest of the world, possibly even including the country you live in?
Microsoft has spent years trying to convince people who find exploits to "do the ethical thing" and tell them about it before letting the rest of the world know. If you happen to be a citizen of another country, this puts a very big question mark on whether giving MS the exploit is "the ethical thing" to do.
My best guess is that otherwise helpful security proffesionals who happen to live outside our borders will be posting more and more exploits directly to the web because of this policy. Ironically, that will end up making things _less_ secure for the Air Force in the long run.
TW