Slashdot Mirror


Security Patch Creation at Microsoft

devonshire writes "Officials at the Microsoft Security Response Center have provided a detailed look at the process used to create security patches. From the time the first vulnerability data is received from grey hats to the time a bulletin is shipped, it's a pretty interesting look at how they handle the information flow and patch testing and why it takes so darn long to release an IE update."

6 of 274 comments

  1. patch info by lifo-fifo · · Score: -1, Troll

    Ever notice the "beat the rush and see it early" link at the top of slashdot when a new story is about to come out?

    Sounds good, doesn't it? To be able to view the pages linked to in the article before the tens of thousands of other slashbots click to view them.

    Did it ever occur to you that you're taking part in cyber-terrorism?

    That's right: Slashdot's editors are cyber-terrorists. They coordinate a DOS against small websites, and they attempt to collect money from people who wish to be spared the effects of said DOS. Terrorism, plain and simple.

    You can fight this and other crimes by slashdot's editors by joining anti-slash. Anti-slash is committed to forcing the editors to own up to their numerous crimes against the geek community. Until our demands are met, we will relentlessly discredit them as a news service through trolling and other means.

    Also, props to poopbot and the alan thicke troll. We remember your accomplishments.

    In sacred jihad,

    jihadi_31337


  2. Re:1,000,000 monkeys by Infinityis · · Score: 0, Troll

    Nope. According to Microsoft, it's the open source software that is being written by one million monkeys.

  3. You dumb fucking fucksnack ass! by Anonymous Coward · · Score: -1, Troll

    Just because they're popular, they're not supposed to post links to any websites, ever? Oh, dear God no, a website received increased traffic for a day! The world is coming to an end! Never mind the fact that many websites /make/ money off their traffic. Besides, you can always use mirrordot or the Coral Cache.

    Whiny ass bitchfuck.

  4. It's called "testing". by khasim · · Score: -1, Troll

    I do run a business, in fact.

    And you read /. so you must be one of them "informed" businessmen.

    With most applications, TCO is already down the toilet just with the time it would take to *find* somebody who could do it, never mind actually paying the person.

    Huh? I do testing all the time, every day, for dozens of apps.
    Case in point... the last Firefox upgrade broke all of our machines (Firefox quit working on all of my machines... I hope that was all that was affected).

    You didn't do ANY testing? None at all? What's up with THAT? You didn't even do a staggered roll-out?

    Guess you don't qualify for the "informed" businessman tag.
    Insignificant program, true, but what am I supposed to do... hire somebody to review each of Firefox's releases to tell me whether or not they'll work?

    Well, you could phrase it in that manner. I'd just say "include FireFox in our list of approved and tested apps" and have the person who is already testing apps and patches do FireFox also.
    Am I supposed to spend, what, $10-20K to have a Unix programmer come in to analyze the latest Firefox build and tell me where the problem is?

    No, why would you? Testing a new release of FireFox shouldn't take more than 15 - 30 minutes. I'm sure your IT people can manage that before telling you it is safe to roll it out.
    That's insane.

    Hey, you're the one that said it, no one else.
    Instead, we simply removed Firefox from all of our machines, and went with IE, which was already properly tested before being pushed out to users.

    So your IT people test IE, but don't test FireFox and you blame FireFox for that? Huh?
    Much cheaper. Much simpler. Much quicker time for me to get back to the core of my business (which trying to get broken web browsers to work).

    And still you're posting on /.? But you think that spending 15-30 minutes to test a new release is too much? WTF? Hold it, your website references a pet supply store. HOW MANY COMPUTERS DO YOU HAVE? Or are YOU pretending to be the IT staff as well as the manager? That would explain the "problems" you've encountered. By "all of our machines" you mean "BOTH of our machines", don't you?

  5. And now I will clarify that. by khasim · · Score: 0, Troll

    #1. "Some extensions don't work (I've since forgotten which ones)"

    Sorry, that isn't "specific". That is vague and unhelpful. Disregarded.

    #2. "When I start up the app, sometimes the "update" icon is right next to the "help" menu item (not where it should be).. and the app is completely frozen. Only restarting FF fixes this (and it sometimes does not)"

    What app? Again, "specific". Not general. Disregarded.

    #3. "The fact that they don't release patches (critical security updates, at least!) is a major downfall for FF."

    They DO release patches and critical security updates. They just release them as a completely new build. Disregarded.

    So, all of your complaints are of the type most often seen on /., vague, undefined and some of them you just don't even remember.

    Great.

    In the meantime, I'm running 1.0.4 without any problems and the auto-update feature of the extension system just told me that there's a new version of ie-view available. It's already installed and all I have to do is re-start FireFox.