Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Admits to Hiding Flaw Details

Posted by ryuzaki0 on from the on-a-need-to-know-basis dept.

Spongeform writes "eWeek has an interview with a Microsoft security official admitting to hiding details on software vulnerabilities that are discovered internally. The reason? Microsoft believes that full disclosure of every security-related product change only serves to aid attackers. However, companies using host-based IPS that rely on flaw information to build signatures are basically left at risk because of Microsoft's silent fixes."

2 of 147 comments (clear)

  1. In other news.... by JPribe · · Score: -1, Offtopic

    National Cyber Alert System

                    Technical Cyber Security Alert TA06-109A

    Oracle Products Contain Multiple Vulnerabilities

       Original release date: April 19, 2006
       Last revised: --
       Source: US-CERT

    Systems Affected

         * Oracle Database 10g
         * Oracle9i Database
         * Oracle8i Database
         * Oracle Enterprise Manager 10g Grid Control
         * Oracle Application Server 10g
         * Oracle Collaboration Suite 10g
         * Oracle9i Collaboration Suite
         * Oracle E-Business Suite Release 11i
         * Oracle E-Business Suite Release 11.0
         * Oracle Pharmaceutical Applications
         * JD Edwards EnterpriseOne, OneWorld Tools
         * Oracle PeopleSoft Enterprise Tools
         * Oracle Workflow
         * Oracle Developer Suite 6i

    --

    Why go fast when you can go anywhere? O|||||||O
  2. Re:Microsoft is at war. by Anonymous Coward · · Score: -1, Offtopic

    Only on /. would this obvious anti-bush flamebait not be modded accordingly. Just know you're only preaching to the choir. If you were really trying for a funny mod, why don't you reach into your creative arsenal of M$ bashes and use that. At least it would be on topic given TFA. FLAME ON MY FRIEND, FLAME ON!