Full Disclosure mailing list archives
Re: How to Report a Security VulnerabilitytoMicrosoft
From: mcbain () aol com
Date: Tue, 12 Apr 2005 17:00:46 -0400
Did you notice in my email i said they "admit" it? There is no argument here nor there. The reason for this (from redmond) is they cannot break computers that are out there. There tolerance has to be even below one percent ,and even that is too much and finally conceded with them on their points. Also, they do not "patch" they find the root of the problem which adds more time. So you should be seeing less workarounds of microsoft patches. This is where the market for those third party scanners are out there for 0day or need to be picked up on by AVP's (which i must say have been doing better). Mike www.michaelevanchik.com -----Original Message----- From: Georgi Guninski <guninski () guninski com> To: mcbain () aol com Cc: tuytumadre () att net; jasonc () science org; full-disclosure () lists grok org uk Sent: Tue, 12 Apr 2005 23:42:41 +0300 Subject: Re: [Full-disclosure] How to Report a Security VulnerabilitytoMicrosoft On Mon, Apr 11, 2005 at 01:55:00PM -0400, mcbain () aol com wrote:
They do want you to communicate with them (or vendors) in a more
responsible manner but at the same time totally admit to their "PR issue" and how they have handled bug finders in the past and internal security in the past and are changing. There email in this thread is exactly the truth as it was written.
calculate the difference in the dates: http://www.securityfocus.com/archive/1/395563/2005-04-09/2005-04-15/0 Microsoft MSHTA Script Execution Vulnerability iDEFENSE Security Advisory 04.12.05 www.idefense.com/application/poi/display?id=231&type=vulnerabilities April 12, 2005 VIII. DISCLOSURE TIMELINE 11/02/2004 Initial vendor notification 11/02/2004 Initial vendor response 04/12/2005 Coordinated public disclosure http://www.securityfocus.com/archive/1/395562/2005-04-09/2005-04-15/0 VIII. DISCLOSURE TIMELINE 10/25/2004 Initial vendor notification 10/25/2004 Initial vendor response 04/12/2005 Coordinated public disclosure http://www.securityfocus.com/archive/1/395559/2005-04-09/2005-04-15/0 VIII. DISCLOSURE TIMELINE 11/11/2004 Initial vendor notification 11/11/2004 Initial vendor response 04/12/2005 Coordinated public disclosure -- where do you want bill gates to go today?
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: How to Report a Security VulnerabilitytoMicrosoft Jason Coombs (Apr 11)
- Re:How to Report a Security VulnerabilitytoMicrosoft Thomas Zangl - Mobil (Apr 11)
- Re: How to Report a Security VulnerabilitytoMicrosoft Dan Becker (Apr 11)
- <Possible follow-ups>
- Re: How to Report a Security VulnerabilitytoMicrosoft tuytumadre (Apr 11)
- Re: How to Report a Security VulnerabilitytoMicrosoft mcbain (Apr 11)
- Re: How to Report a Security VulnerabilitytoMicrosoft Bipin Gautam (Apr 12)
- Re: How to Report a Security VulnerabilitytoMicrosoft bkfsec (Apr 13)
- Re: How to Report a Security VulnerabilitytoMicrosoft Georgi Guninski (Apr 12)
- Re: How to Report a Security VulnerabilitytoMicrosoft mcbain (Apr 12)
- Re: How to Report a Security VulnerabilitytoMicrosoft Valdis . Kletnieks (Apr 12)
- Re: How to Report a Security VulnerabilitytoMicrosoft mcbain (Apr 12)
- Re: How to Report a Security VulnerabilitytoMicrosoft dk (Apr 12)
- Re: How to Report a Security VulnerabilitytoMicrosoft Valdis . Kletnieks (Apr 12)
- Re: How to Report a Security VulnerabilitytoMicrosoft mcbain (Apr 11)
- Re:How to Report a Security VulnerabilitytoMicrosoft Thomas Zangl - Mobil (Apr 11)
- Re: How to Report a Security VulnerabilitytoMicrosoft Georgi Guninski (Apr 12)
- Re: How to Report a Security VulnerabilitytoMicrosoft mcbain (Apr 12)
- Re: How to Report a Security VulnerabilitytoMicrosoft dk (Apr 12)
- Re: How to Report a Security VulnerabilitytoMicrosoft bkfsec (Apr 13)
- Re: How to Report a Security Vulnerability to Microsoft Steve Friedl (Apr 13)