Slashdot Mirror


Microsoft Admits to Hiding Flaw Details

Spongeform writes "eWeek has an interview with a Microsoft security official admitting to hiding details on software vulnerabilities that are discovered internally. The reason? Microsoft believes that full disclosure of every security-related product change only serves to aid attackers. However, companies using host-based IPS that rely on flaw information to build signatures are basically left at risk because of Microsoft's silent fixes."

1 of 147 comments

  1. Re:So that's why Microsoft has such a low vulnerab by Whiney Mac Fanboy · Score: 3, Interesting

    Please reread my post.

    You write: "Most Windows system administrators are not programmers, and of those that are fewer still are technically skilled enough to reverse engineer a binary patch."

    Which is exactly what I quoted: "The guy that feels the pain is the system administrator who is in the dark and who can't do his own reverse-engineering,"

    It's the attacker doing the reverse engineering, not the sysadmins.

    --
    There are shills on slashdot. Apparently, I'm one of them.