MS Invites Security Questions
daria42 writes "Microsoft is inviting ZDNet readers to submit security-related questions online to a team of Microsoft security gurus. Microsoft's Ben English and his team will take questions online until the 30th of May. A selection of questions and answers will be published by ZDNet starting from the 6th of June. Submit your questions starting now!"
If the Microsoft team gets to pick which questions are answered, I doubt this will be akin to Achilles waving his naked foot right under Paris' nose, since questions like, "Why is Microsoft's security better than Linux security?" are more likely to get answered than questions like, "When did Microsoft hire a team of security gurus?"
I Am My Own Worst Enemy
This is pretty much the most basic question possible, but what do you consider to be the range of behaviors that qualify as security bugs?
For example: do you consider features that require the user to do something insecure (like run as a local administrator) in order for that feature to work a bug? Do you consider system defaults that can cause the user to perform an action they didn't intend to do (such as launching a hostile executable) a security bug?
If you answered "Yes" to these questions, do you consider ActiveX web browser plugin support and hiding file extensions to be security bugs? How soon will a patch be available to fix these bugs? How does the timeframe from "discovery of bug" to "fix for bug" compare to your competitors average time-to-fix for security bugs?
Simple enough, really.