MS To Share Vulnerability Details Ahead of Patches

Bridge to Nowhere writes "ZDNet is reporting that Microsoft will start sharing details on software vulnerabilities with security vendors ahead of Patch Tuesday under a daring new program aimed at reducing the window of exposure to hacker attacks. The new Microsoft Active Protections Program (MAPP) will give anti-virus, intrusion prevention/detection and corporate network security vendors a head-start to add signatures and filters to protect against Microsoft software vulnerabilities."

Leaks guaranteed

[SanderDJ]

According to TFA MS has some strict requirements for its intended partners. However, history has shown that the more people know a "secret", the sooner it will be revealed. Not a good thing when fighting zero-day exploits.

I foresee disasters.

This doesn't make sense

[jhfry]

Why would MS, if they know about the problem and are planning a patch for it, let the security vendors know. Essentially that would make the vendors a stopgap until the patch is released a few days later.

Why the hell doesn't MS simply release a stop-gap patch themselves and then finalize it on Tuesday. All this does is shift the blame for a bad fix to the security vendor who has a much smaller understanding of the problem's cause and potential effects.

I am so tired of shoddy software from the richest company in the world, there is absolutely no excuse for it! With their resources they could develop the OS using the same practices used in medical equipment software and be able to guarantee a neigh 99.9999% uptime... but instead they release crappy code and milk the public for cash.

I am not a big fan of regulation, however I believe that any company that creates an unsafe product needs to be penalized, even if that product is software. Microsoft has indirectly caused trillions of dollars in lost productivity, theft, vandalisim, security management costs etc... Almost all of which could have been prevented using the resources available to them.