, SecurityFocus 2001-11-09
Five computer security firms join Microsoft to set an official standard for limiting disclosure of software security holes
Expand all |
Post comment
Shocking developments
2001-11-09
H Carvey <keydet89 (at) yahoo (dot) com [email concealed]> (2 replies)
H Carvey <keydet89 (at) yahoo (dot) com [email concealed]> (2 replies)
Such a policy for disclosure already exists
2001-11-09
Dumky (1 replies)
Dumky (1 replies)
Such a policy for disclosure already exists
2001-11-10
H Carvey <keydet89 (at) yahoo (dot) com [email concealed]>
H Carvey <keydet89 (at) yahoo (dot) com [email concealed]>
...on second thought...Kudos!
2001-11-09
H Carvey <keydet89 (at) yahoo (dot) com [email concealed]> (1 replies)
H Carvey <keydet89 (at) yahoo (dot) com [email concealed]> (1 replies)
So what would force Microsoft to patch these holes if exploits are not published?
2001-11-10
Rafal Sybilla-Leszczynski (1 replies)
Rafal Sybilla-Leszczynski (1 replies)
So what would force Microsoft to patch these holes if exploits are not published?
2001-11-12
Anonymous
Anonymous
My thought is that even though they have the desktop monopoly, Microsoft are a long way from having a monopoly on servers or the data centre.
In the end, if a vendor can't or won't provide timely, detailed information about its products (in any area of interest, not just security), that needs to be factored into the purchase decision.
For me, the no brainer client-server decision was always MS desktops, Unix servers. If the Unix server is going to be Intel in future (no reason why not), Linux or the BSDs look like the natural first choice.
Microsoft needs to do more to convince CIOs and data centre managers why they should use its products on their servers.
Limiting security information to a clique is categorically not the way to do this: all this does is mean that those people outside the clique will recommend other solutions, and so they should.
[ reply ]
Link to this comment: http://www.securityfocus.com/comments/articles/281/8764#8764