Find a Bug? Don't E-Mail Microsoft

Find a Bug? Don't E-Mail Microsoft
Brian McWilliams, SecurityFocus 2002-07-23

It may be the most-used vendor bug reporting address in history. This week Redmond put "secure@microsoft.com" out to pasture in favor of a handy Web form.

Expand all | Post comment

Find a Bug? Don't E-Mail Microsoft 2002-07-23
Anonymous (1 replies)

Find a Bug? Don't E-Mail Microsoft 2002-07-24
Anonymous

Poor Idea, baby goes out with the bathwater... 2002-07-23
Geoff Shively

I believe this is a really bad idea on Microsoft's part. My company PivX Solutions has emailed Microsoft 2 times prior to releasing large vulnerabilities, or even just to help them correct an error in their work around; but we never seem to receive a reply.

Our policy is to notify the vendor, in this case MS, and if there is no reply within 20-40 days, we go forward with next steps (releasing, publishing, fixing, etc..).

Microsoft needs a better system and possibly better people to deal with the apparent influx of vulnerabilities coming their way daily, but I certainly think that an web-wizard-form is not the way to go.

I think I speak for everyone when I say, 'if I see another web form instead of an email address, or a phone number, I am going to vomit'.

Geoff Shively, CHO

PivX Solutions, LLC

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/545/15805#15805

Two reporting routes are better than one. 2002-07-24
Avro (1 replies)

Two reporting routes are better than one. 2002-07-24
Johan Denoyer

Don't E-Mail Microsoft--they dont care!!! 2002-07-24
technicolour yawn (1 replies)

Re: Don't E-Mail Microsoft--they dont care!!! 2009-07-06
Ben

Hmmmmm 2002-07-24
Anonymous Coward from dk

Paper trail... 2002-07-24
Michel Salim <salimma1NOatSPAMyahoo.co.uk