..And THAT is exactly what MS is advocating. For the past one year, Scott Pulp and his ilks have been saying "It's not so much that we hate disclosure. We are just concerned about the methodologies of such disclosure. It would be great if you let us control those methodologies"

MS even co-opted some "Security" research companies into forming a a sort of alliance with them such that they become privy to 0-day fixes from MS in exchange for NOT disclosing bugs. IIRC, SecurityFocus was one of the "very few" Security houses that that refused to join this alliance. Now, with your article, regardless of how you couch it, what you are advocating is in direct conflict with the SecurityFocus' position in the course of this "Responsible Disclosure" brouhaha. I sincerely hope it's NOT an indication of things to come from SF, now that you have been owned (or gone Corporate).

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/114/16793#16793