, SecurityFocus 2001-11-09
Five computer security firms join Microsoft to set an official standard for limiting disclosure of software security holes
Expand all |
Post comment
Shocking developments
2001-11-09
H Carvey <keydet89 (at) yahoo (dot) com [email concealed]> (2 replies)
H Carvey <keydet89 (at) yahoo (dot) com [email concealed]> (2 replies)
Such a policy for disclosure already exists
2001-11-09
Dumky (1 replies)
Dumky (1 replies)
Such a policy for disclosure already exists
2001-11-10
H Carvey <keydet89 (at) yahoo (dot) com [email concealed]>
H Carvey <keydet89 (at) yahoo (dot) com [email concealed]>
...on second thought...Kudos!
2001-11-09
H Carvey <keydet89 (at) yahoo (dot) com [email concealed]> (1 replies)
H Carvey <keydet89 (at) yahoo (dot) com [email concealed]> (1 replies)
So what would force Microsoft to patch these holes if exploits are not published?
2001-11-10
Rafal Sybilla-Leszczynski (1 replies)
Rafal Sybilla-Leszczynski (1 replies)
So what would force Microsoft to patch these holes if exploits are not published?
2001-11-12
Anonymous
Anonymous
Microsoft have no server monopoly: this may reduce their share
2001-11-12
Kirsten Bayes (kirruth@hushmail)
Kirsten Bayes (kirruth@hushmail)
> Basically these 5 concerns hardly publish exploits anyway.
They're hoping to emulate the success of the Antivirus secret society - McAfee, "Norton", et. al.
1, MS feeds them NDA information.
2, Figure out a minimal bandaid.*
3, Cry: "Wolf! OMIGAWD! Wolf!!!"
4, Sales/upgrade revenues pour in.
* minimal only; this model requires a steady stream of vulnerabilities to cry wolf over.
I don't think The Hacker Formerly Known as Weld Pond has considered that with MS spoon-feeding the company, they won't need expensive research talent. How many Mudges does one company need to own? Only one: to yell "Wolf!" and hold a press conference.
It'd be ironic if whilst trying to screw the community at large, he became obsolete.
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/articles/281/8681#8681