Daily Exploit Releases Irk Both Vendors and Crooks
conJunk writes "Security Focus has an article about HD Moore's Exploit-Every-Day-in-July endeavor raising the hackles of both browser vendors and criminals. He started the project because he felt that vendors were not taking his analysis seriously enough, but he appears to be the only one enjoying it. 'Black Hats' are having their exploits exposed, and Microsoft (who bears responsibility for the majority of the browser holes) can't keep up with the pace he's setting." From the article: "The software giant indirectly criticized the release of vulnerabilities in a statement to SecurityFocus, underscoring the importance of getting customers updated before they are exposed to threats from malicious attackers. 'Microsoft continues to encourage responsible disclosure of vulnerabilities,' the software giant said in a statement sent to SecurityFocus. 'We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests.'"
A direct quote from the IE team over at Microsoft: "Don't tell anyone about all our holes! Then we won't have to fix them."
(end of post)
for those of you who like to read nothing.
Headline says: Daily Exploit Releases Irk Both Vendors and Crooks
Considering that Microsoft is the only Vendor complaining, and considering they've had months to fix all of these and didn't, the headline should be:
Daily Exploit Releases Irk Crooks
Viper is the preferred editor of the Emacs operating system.
I'm intrigued by your ideas and would like to subscribe to your newsletter.