Slashdot Mirror


MS To Share Early Flaw Data With Governments

Trailrunner7 writes "Microsoft today announced plans to share pre-patch details on software vulnerabilities with governments around the world under a new program aimed at securing critical infrastructure and government assets from hacker attacks. The program, codenamed Omega, features a 'Defensive Information Sharing Program' that will offer government entities at the national level technical information on vulnerabilities that are being updated in their products." There's a stream the bad guys would dearly love to tap into.

14 of 100 comments

  1. The Bad Guys by Arancaytar · · Score: 4, Funny

    with governments

    Sounds like they don't need to tap. :P

    1. Re:The Bad Guys by Moblaster · · Score: 3, Informative

      Maybe MSFT is still sore about the 3rd NSA key http://bit.ly/avkiLe

      Thank goodness we can still trust Apple because they make a lot of their computers in China.

  2. ah its for security by pilgrim23 · · Score: 3, Insightful

    and everyone KNOWS how well governments can keep secrets.

    --
    - Minutus cantorum, minutus balorum, minutus carborata descendum pantorum.
  3. WTF? by Anonymous Coward · · Score: 4, Insightful

    Because governments would never help a company in their nation with industrial espionage.....

  4. Unfortunately... by brian0918 · · Score: 3, Funny

    Unfortunately for the government, the Omega program is only in alpha release.

    1. Re:Unfortunately... by Ethanol-fueled · · Score: 5, Funny

      It's no surprise that they named it after Omega, the big gaping Goatse of Greek letters.

  5. Re:ah its for security by Anonymous Coward · · Score: 3, Insightful

    It's certainly not about security. It's purely a PR scheme. MS wants to make government agencies feel important and special if they use their products. Nothing impresses government officials more than press releases that make every bullshit bing player happy.

  6. people by crsuperman34 · · Score: 4, Interesting

    As every black hat knows: you will not need to compromise the software. You just have to compromise one of the people working for the government in question.

  7. Re:WIKILEAKS by fredc97 · · Score: 3, Funny

    Actually, early information about security patches from Microsoft looks like this:

    Product Affected: all versions of windows
    Risk: Remote code execution
    Rating: Critical
    Reboot required: You betcha

    Description: This vulnerability is even more serious than the previous 10 000 other Critical software updates, if 0 were the highest priority on a scale 1 to 10, this one would rate -10 000, see that's like super duper uber hyper critical times 3.

  8. Sounds like kind of a rip-off by ivandavidoff · · Score: 5, Informative

    MS will provide information only "after our investigative and remediation cycle is completed..." In other words, after the vulnerability is discovered and fixed, and the patch is ready to roll out.

    Then, "disclosure will happen just prior to our security update release cycles."

    So the disclosure amounts to this:

    "Tomorrow's MS Windows Update contains a security patch that fixes a serious vulnerability in your system. Oh, by the way, you have a serious vulnerability in your system."

  9. Linux does this for everyone. by linzeal · · Score: 3, Insightful

    Doesn't Linux already do this, for everyone? The only people who are going to be fooled by this in the government are elitist pricks.

  10. take a page out of by nimbius · · Score: 3, Insightful

    the book of FLOSS guys. All your customers need to promptly know when you find flaws, not just the governments with the ability to restrict your sales and service. I'm talking about banks, schools, hospitals, and power plants.

    --
    Good people go to bed earlier.
  11. License to hack! by molo · · Score: 5, Insightful

    This is insanity! So the government of US, UK, Israel, China, etc. will get information on vulnerabilities before the general public? The obvious outcome isn't a more secure government server, it is that the intelligence agencies will get a headstart on exploiting public and private systems the world over. It is a license to hack, for either industrial espionage or government espionage purposes.

    What is a system administrator to do? There is no way to prepare for this kind of thing, the attack vectors will be unknowable by the general public. My only thought is to switch as many systems away from Microsoft as fast as possible. This is a total security nightmare.

    -molo

    --
    Using your sig line to advertise for friends is lame.
  12. You know you've been reading /. too much... by Anachragnome · · Score: 3, Funny

    The first time I read that headline, my brain completely omitted the word "data" without skipping a beat.

    It sounded par for the course, I guess.