Slashdot Mirror


MS To Share Early Flaw Data With Governments

Trailrunner7 writes "Microsoft today announced plans to share pre-patch details on software vulnerabilities with governments around the world under a new program aimed at securing critical infrastructure and government assets from hacker attacks. The program, codenamed Omega, features a 'Defensive Information Sharing Program' that will offer government entities at the national level technical information on vulnerabilities that are being updated in their products." There's a stream the bad guys would dearly love to tap into.

6 of 100 comments

  1. The Bad Guys by Arancaytar · Score: 4, Funny

    with governments

    Sounds like they don't need to tap. :P

  2. WTF? by Anonymous Coward · Score: 4, Insightful

    Because governments would never help a company in their nation with industrial espionage.....

  3. Re:Unfortunately... by Ethanol-fueled · Score: 5, Funny

    It's no surprise that they named it after Omega, the big gaping Goatse of Greek letters.

  4. people by crsuperman34 · Score: 4, Interesting

    As every black hat knows: you will not need to compromise the software. You just have to compromise one of the people working for the government in question.

  5. Sounds like kind of a rip-off by ivandavidoff · Score: 5, Informative

    MS will provide information only "after our investigative and remediation cycle is completed..." In other words, after the vulnerability is discovered and fixed, and the patch is ready to roll out.

    Then, "disclosure will happen just prior to our security update release cycles."

    So the disclosure amounts to this:

    "Tomorrow's MS Windows Update contains a security patch that fixes a serious vulnerability in your system. Oh, by the way, you have a serious vulnerability in your system."

  6. License to hack! by molo · Score: 5, Insightful

    This is insanity! So the government of US, UK, Israel, China, etc. will get information on vulnerabilities before the general public? The obvious outcome isn't a more secure government server, it is that the intelligence agencies will get a head start on exploiting public and private systems the world over. It is a license to hack, for either industrial espionage or government espionage purposes.

    What is a system administrator to do? There is no way to prepare for this kind of thing, the attack vectors will be unknowable by the general public. My only thought is to switch as many systems away from Microsoft as fast as possible. This is a total security nightmare.

    -molo

    --
    Using your sig line to advertise for friends is lame.