Slashdot Mirror


MS To Share Early Flaw Data With Governments

Trailrunner7 writes "Microsoft today announced plans to share pre-patch details on software vulnerabilities with governments around the world under a new program aimed at securing critical infrastructure and government assets from hacker attacks. The program, codenamed Omega, features a 'Defensive Information Sharing Program' that will offer government entities at the national level technical information on vulnerabilities that are being updated in their products." There's a stream the bad guys would dearly love to tap into.


  1. Re:Unfortunately... by Ethanol-fueled · Score: 5, Funny

    It's no surprise that they named it after Omega, the big gaping Goatse of Greek letters.

  2. Sounds like kind of a rip-off by ivandavidoff · Score: 5, Informative

    MS will provide information only "after our investigative and remediation cycle is completed..." In other words, after the vulnerability is discovered and fixed, and the patch is ready to roll out.

    Then, "disclosure will happen just prior to our security update release cycles."

    So the disclosure amounts to this:

    "Tomorrow's MS Windows Update contains a security patch that fixes a serious vulnerability in your system. Oh, by the way, you have a serious vulnerability in your system."

  3. License to hack! by molo · Score: 5, Insightful

    This is insanity! So the governments of the US, UK, Israel, China, etc. will get information on vulnerabilities before the general public? The obvious outcome isn't a more secure government server, it is that the intelligence agencies will get a head start on exploiting public and private systems the world over. It is a license to hack, for either industrial espionage or government espionage purposes.

    What is a system administrator to do? There is no way to prepare for this kind of thing; the attack vectors will be unknowable by the general public. My only thought is to switch as many systems away from Microsoft as fast as possible. This is a total security nightmare.

    -molo

    --
    Using your sig line to advertise for friends is lame.