Slashdot Mirror


MS To Share Vulnerability Details Ahead of Patches

Bridge to Nowhere writes "ZDNet is reporting that Microsoft will start sharing details on software vulnerabilities with security vendors ahead of Patch Tuesday under a daring new program aimed at reducing the window of exposure to hacker attacks. The new Microsoft Active Protections Program (MAPP) will give anti-virus, intrusion prevention/detection and corporate network security vendors a head-start to add signatures and filters to protect against Microsoft software vulnerabilities."

2 of 27 comments

  1. Re:So the first might start like this... by Anonymous Coward · Score: 0, Informative

    They already do (and have for a long time); they just have a ton of NDAs and have publicly denied the program, even though I can assure you the major vendors have been in it for years.

  2. Re:This doesn't make sense by mrboyd · Score: 2, Informative

    Maybe they don't due to the fact that medical equipment and lunar probes have a much more limited feature set than, say, Microsoft Word, and they cost orders of magnitude more money to put together.

    If you are ready to have a fairly limited-in-scope operating system running on "state of the art" hardware (read: created somewhere in the 1970), there are some options for you if you have the cash.

    But of course you probably don't, and you expect your operating system to run your crappy non-fault-tolerant hardware, 20 bucks USB printer, subsidized phone with a half-compliant Bluetooth stack, play "stolen" music and video in 200 different codecs, all the while browsing the web and playing Flash games and maybe another 50 or so other applications Microsoft and Linus Torvalds have limited control over.

    To put it in perspective again, your highly sensitive medical device has been designed with custom hardware, most probably redundant, and runs on a dedicated chipset with under 10k LOC, when it's not purely mechanical. It is rarely networked, if ever, and you will NOT be AUTHORIZED to use or service them without a Biomedical Equipment Technology Training.
    Imagine how much you'd spend just to get one over to clean your keyboard from breadcrumbs...
    And.. it does fail from time to time as you can see here: http://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfTopic/medicaldevicesafety/mds.cfm?page=2&sort=2

    When your average defibrillator or PET scan can browse YouTube and play Britney Spears' latest album, I'll consider your "medical" arguments.

    Trillions of dollars? I believe that low-cost computers and software, including Microsoft's, have helped generate trillions of trillions of dollars through increased productivity. Just think about trying to design a modern Airbus or a car without a computer. I am pretty sure that overall the profit/loss ratio due to Microsoft/Linux crashes is still in the five nine range.

    Cheers.