Slashdot Mirror


Microsoft Opens Its Security Research Cookbooks

greg65535 writes "Today Microsoft launched a blog about the internals of their IT security research and patch development process. There are already some posts that you will not find in the official security bulletins or KB articles. One of the posts says, 'We periodically identify workarounds or mitigations like this that we can't use for official guidance because they're either too nuanced or have some exception cases. When we discover something potentially useful but are uncomfortable listing it in the bulletin, we'll do our best to describe it here in this blog.' It looks like Microsoft is making an effort to become more 'open' in the area of security research and communication."

4 of 87 comments

  1. Re:BAMF! by cmacb · · Score: 1, Troll

    Chapter 3

    There is no Chapter 3.

  2. Re:Microsoft Security Protocols by killjoe · · Score: 0, Troll

    >Security is about the best tool for the job and it's not always the Open Source tool,

    Maybe the best tool for the job is not the open source tool but it's never the tool made by MS.

    >Locking down desktops and client machines is a key security method and AD offers about the best way to do this on the market - I suppose you use Samba and about 500 perl scripts, instead, do you?

    X. Look it up.

    --
    evil is as evil does
  3. Re:Wireshark by miffo.swe · · Score: 0, Troll

    You know a couple of people running Vista? That's much more interesting because every single soul I know has switched back to XP or started using Linux.

    The people you know seem like real MS fanbois if they still run Vista.

    --
    HTTP/1.1 400
  4. Re:Openness by Anonymous Coward · · Score: 0, Troll

    Fuck you.
    Go to Red Hat or Ubuntu's security updates page, and you see dozens and dozens of security updates over 2007, 2006, 2005, etc. And of all those, I bet my right nut (that's right, I said the "right nut", not the "left" one that most people bet, that's how confident I am) that you've read the corresponding source code to exactly ZERO of those bugs. So get off your high horse and STFU, idiot.