Slashdot Mirror


Microsoft to Introduce Faster Security Disclosures

Starwax writes "Here's a very interesting strategy by Microsoft. After years of complaining about irresponsible disclosure of security alerts by grey hats, Microsoft will now confirm and discuss the vulnerabilities in a new pilot project launching on Tuesday. Advisories will be issued within one business day of a publicly reported security hole along with guidance and mitigation."

10 of 101 comments

  1. Business Day? by republican+gourd · Score: 4, Interesting

    Microsoft isn't open on weekends? Is that too much to ask a multi-billion dollar company?

    Waiting until Monday (especially as weekend time is usually the best to schedule downtime) strikes me as a silly idea.

    1. Re:Business Day? by 0x461FAB0BD7D2 · Score: 4, Insightful

      Would IT technicians come back on weekends to fix their systems? If not, then making vulnerabilities public at that time only helps script kiddies.

      Waiting until Monday ensures that IT guys get a rest too.

    2. Re:Business Day? by 0x461FAB0BD7D2 · Score: 4, Insightful

      Good IT technicians do what it takes to keep their systems secure, given their resources. But expecting them to slave over their systems, testing and rolling out every new patch as soon as it's out is ludicrous.

      If coming in on a weekend isn't asking too much, where do you draw the line?

    3. Re:Business Day? by SnprBoB86 · Score: 4, Funny

      "where do you draw the line?"

      I'm not sure where you draw the line, but I can tell you that if you would take a bullet for a server... you've crossed it, wherever it is...

      --
      http://brandonbloom.name
  2. Re:i hate to sound like a total dunce by filtur · Score: 5, Funny
    but what is a grey hat?

    Someone who can't decide on whether to be a black hat or a white hat. Kinda like Michael Jackson

  3. Re:i hate to sound like a total dunce by YouCanCallMeAl · Score: 4, Informative

    Gray Hat: Somewhere between a "good guy" and a "bad guy" in terms of computer security.

  4. Re:i hate to sound like a total dunce by m50d · Score: 4, Informative

    A hacker/cracker who does illegal stuff but not unethical things.

    --
    I am trolling
  5. Interesting Strategy? by lecithin · Score: 4, Insightful

    "Advisories will be issued within one business day of a publicly reported security hole"

    If it is already public, does it matter? So, does this mean that if they know of something, they are going to wait until somebody else finds the problem and makes it public before letting their customers (and the rest of the world) know?

    I'm missing the interesting strategy on this one. Just sounds like they want us to think that they are being proactive. I dunno. Perhaps I am the only one that thinks that Microsoft is evil.

    --
    It could be worse, it could be Monday.
  6. My favorite line by portwojc · Score: 5, Insightful

    when researchers jump the gun and release vulnerability details before a patch is available.

    Jump the gun? Oh, that's right, telling Microsoft there's a security flaw and waiting months before going public is jumping the gun after all.

    Gotta love these articles. Nice spin, make the researchers look like the bad guys...

    At least now we'll get to hear about flaws quicker and that they don't have a patch or a workaround.

  7. microsoft sucking less by poor_boi · Score: 4, Funny

    Does anyone else get a sinking feeling in their tummy every time Microsoft does something right, something better, or something intelligent? I like hating them. If I can't hate them, I'll have to hate something else. And I haven't been paying much attention to worthy targets over the past few years. I'm afraid I might have to turn my hate inwards if they're improving. And that can't be good.