Microsoft miffed at Bulgarian bug buster

Microsoft miffed at Bulgarian bug buster
John Leyden, The Register 2001-01-19

Redmond says hasty disclosure, not buggy software, puts customers at risk.

Microsoft Patch Quality 2001-01-19
Nick

Georgi also works for Netscape 2001-01-19
Anonymous

getting Microsoft to respond 2001-01-20
tlk (at) irt (dot) net [email concealed] (1 replies)

getting Microsoft to respond 2001-01-21
anonymous

RFPolicy 2001-01-21
black-hand

if we go by RFPolicy (which I consider to be reasonable)

http://www.wiretrip.net/rfp/policy.html

"B. The MAINTAINER is to be given 5 working days (in respects to the ORIGINATOR) from the DATE OF CONTACT; should no contact occur by the end of 5 working days, the ORIGINATOR should disclose the ISSUE. "

5 days should be plenty of time to get a hotfix out, and Georgi's advisory (http://www.guninski.com/wmp7ie-desc.html) states that Microsoft where contacted on the 26th and the advisory was published on the 1st

Microsoft have yet to release a patch (that i know of: http://www.microsoft.com/technet/security/current.asp)

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/140/4426#4426

RFPolicy 2001-01-21
black-hand