Brian McWilliams, SecurityFocus 2002-07-23
It may be the most-used vendor bug reporting address in history. This week Redmond put "secure@microsoft.com" out to pasture in favor of a handy Web form.
Colapse all |
Post comment
Find a Bug? Don't E-Mail Microsoft
2002-07-23
Anonymous (1 replies)
Anonymous (1 replies)
Poor Idea, baby goes out with the bathwater...
2002-07-23
Geoff Shively
Geoff Shively
I believe this is a really bad idea on Microsoft's part. My company PivX Solutions has emailed Microsoft 2 times prior to releasing large vulnerabilities, or even just to help them correct an error in their work around; but we never seem to receive a reply.
Our policy is to notify the vendor, in ...
[ more ] [ reply ]
Our policy is to notify the vendor, in ...
[ more ] [ reply ]
Two reporting routes are better than one.
2002-07-24
Avro (1 replies)
Avro (1 replies)
There is an large advantages to this form for both micorsoft and the security comunity in that this form requires some basic infomation and most importantly an decription of how to reproduce this attack. With out this infomation the form can not be sent meaning that the number of incompleet discript...
[ more ] [ reply ]
[ more ] [ reply ]
Two reporting routes are better than one.
2002-07-24
Johan Denoyer
Johan Denoyer
I have had to contact Microsoft concerning some bugs... I used both methods, and I received an answer with-in half a day for both of them. I guess the webform is used to collect data they need by asking questions. Could be used for non-experts. (Yes newbees sometimes find security flaws)...
[ more ] [ reply ]
[ more ] [ reply ]
Don't E-Mail Microsoft--they dont care!!!
2002-07-24
technicolour yawn (1 replies)
technicolour yawn (1 replies)
Why bother alerting MS to the gaping flaws in their code?
First, they dont care.
Second, you're going to release the alert to the appropriate mailing lists shortly thereafter anyway.
Third, why are you using MS products in the first place, dont you know better ??
Fourth, They dont care (unless t...
[ more ] [ reply ]
First, they dont care.
Second, you're going to release the alert to the appropriate mailing lists shortly thereafter anyway.
Third, why are you using MS products in the first place, dont you know better ??
Fourth, They dont care (unless t...
[ more ] [ reply ]
Re: Don't E-Mail Microsoft--they dont care!!!
2009-07-06
Ben
Ben
Microsoft does care about flaws that its users find. I'm pretty sure that humans in Redmond *do* read each and every submission.
By notifying Microsoft about a security problem you find, rather than immediately posting it to your favorite mailing list, you could be indirectly helping millions of ...
[ more ] [ reply ]
By notifying Microsoft about a security problem you find, rather than immediately posting it to your favorite mailing list, you could be indirectly helping millions of ...
[ more ] [ reply ]
What's the matter with the email method. Their server can't handle the daily flood of reports :->...
[ more ] [ reply ]