Microsoft to Introduce Faster Security Disclosures
Starwax writes "Here's a very interesting strategy by Microsoft. After years of complaining about irresponsible disclosure of security alerts by grey hats, Microsoft will now confirm and discuss the vulnerabilities in a new pilot project launching on Tuesday. Advisories will be issued within one business day of a publicly reported security hole along with guidance and mitigation."
Microsoft isn't open on weekends? Is that too much to ask a multi-billion dollar company?
Waiting until Monday (especially as weekend time is usually the best to schedule downtime) strikes me as a silly idea.
Advisories will be issued within one business day of a publicly reported security hole along with guidance and mitigation.
So, Microsoft will only do something if inaction stands to bring them negative attention. What I would like to see from Microsoft (and other commercial and/or closed source vendors) is a commitment to treat the security holes their own developers discover in the same way.
I just don't think it is right to withhold the information, especially if admins can use it to secure their sites, until the threat of public disclosure by a third party is imminent or past.