Security Patch Creation at Microsoft

devonshire writes "Officials at the Microsoft Security Response Center have provided a detailed look at the process used to create security patches. From the time the first vulnerability data is received from grey hats to the time a bulletin is shipped, it's a pretty interesting look at how they handle the information flow and patch testing and why it takes so darn long to release an IE update."

Re:1,000,000 monkeys

[Infinityis]

Nope. Accodring to Microsoft, it's the open source software that is being written by one million monkeys.

And now I will clarify that.

[khasim]

#1. "Some extensions don't work (I've since forgotten which ones)"

Sorry, that isn't "specific". That is vague and unhelpful. Disregarded.

#2. "When I start up the app, sometimes the "update" icon is right next to the "help" menu item (not where it should be).. and the app is completely frozen. Only restarting FF fixes this (and it sometimes does not)"

What app? Again, "specific". Not general. Disregarded.

#3. "The fact that they don't release patches (critical security updates, at least!) is a major downfall for FF."

They DO release patches and critical security updates. They just release them as a completely new build. Disregarded.

So, all of your complaints are of the type most often seen on /., vague, undefined and some of them you just don't even remember.

Great.

In the meantime, I'm running 1.0.4 without any problems and the auto-update feature of the extension system just told me that there's a new version of ie-view available. It's already installed and all I have to do is re-start FireFox.