Full Disclosure mailing list archives
RE: Reuters: Microsoft to give holes info to UncleSam first - responsible vendor notification may not be a good idea anymore...
From: "joe" <mvp () joeware net>
Date: Sat, 12 Mar 2005 15:04:32 -0500
I can't seem to find where it indicates that the US government is in fact the only government on the security beta... In fact I know of several multi-national companies as well as some small businesses that are on this program and have been on that program for a year or more. I expect there very well could be other governments involved as well only MS doesn't publish the names of everyone in the program, these companies I know about are simply companies I have personally encountered and know they are involved from discussions with them. Say a company like Walmart is the program (I have no clue but would guess it is possible), are they involved so they can hack into competitors servers? Doubtful. You take some small news blurb and run all over the place assuming this that and the other thing like chicken little without any real knowledge of what the program actually is about, its requirements, nor its deliverables. You are the kind of person that is bad for OSS (and probably IT In general) in that you push the whole idea that OSS is more about being anti-MS than an alternative valid and good solution. You make it harder, not easier, for consultants to pitch OSS solutions to corporations because you push the idea that people should use OSS because they don't want to use MS; not in addition to. The flip side to this whole thing if they didn't have a program like this could be you bitching about the quality of testing MS puts into the patching process and that is why people should switch from using MS Products. This program is a response to that previous issue of testing quality; not an attempt to put secret info into the hands of the US government. If MS wanted the US government to have details of the holes prior to everyone else, which is what you are implying here, they could simply send them the details - hell they would simply send them the compiled tool to do the hacking. Additionally, great large swathes of the US government, especially the military branches, are simply trying to keep their heads above water with their normal daily usage IT systems whether those systems are pc's, mainframes, mini's, or supers. They don't have much time to be all black hat like you seem to want to believe. -----Original Message----- From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of Raj Mathur Sent: Saturday, March 12, 2005 1:11 PM To: full-disclosure () lists grok org uk Subject: Re: [Full-disclosure] Reuters: Microsoft to give holes info to UncleSam first - responsible vendor notification may not be a good idea anymore... What you're saying would make sense if the US were the only country in the world that uses MS products. I know this may come as a surprise to many people, but there are other places and Governments in the world too, and they too use MS! It shows complete irresponsibility on MS' part to favour one Government over all others in disclosure and bug-fix policy. IMNSHO one more reason for the rest of the world to switch to non-proprietary products and solutions. Regards, - -- Raju - -- Raj Mathur raju () kandalaya org http://kandalaya.org/ GPG: 78D4 FC67 367F 40E2 0DD5 0FEF C968 D0EF CC68 D17F It is the mind that moves -----BEGIN PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://www.secunia.com/
Current thread:
- Re: Reuters: Microsoft to give holes info to Uncle Sam first - responsible vendor notification may not be a good idea any more..., (continued)
- Re: Reuters: Microsoft to give holes info to Uncle Sam first - responsible vendor notification may not be a good idea any more... J.A. Terranson (Mar 12)
- Re: Reuters: Microsoft to give holes info to Uncle Sam first - responsible vendor notification may not be a good idea any more... Devdas Bhagat (Mar 12)
- Re: Reuters: Microsoft to give holes info to Uncle Sam first - responsible vendor notification may not be a good idea any more... J.A. Terranson (Mar 12)
- Re: Reuters: Microsoft to give holes info to Uncle Sam first - responsible vendor notification may not be a good idea any more... Valdis . Kletnieks (Mar 12)
- Re: Reuters: Microsoft to give holes info to Uncle Sam first - responsible vendor notification may not be a good idea any more... J.A. Terranson (Mar 12)
- Re[2]: Reuters: Microsoft to give holes info to UncleSam first - responsible vendor notification may not be a good idea anymore... phased (Mar 13)
- Re: Reuters: Microsoft to give holes info to UncleSam first - responsible vendor notification may not be a good idea anymore... Vincent Archer (Mar 14)
- RE: Reuters: Microsoft to give holes info to UncleSam first - responsible vendor notification may not be a good idea anymore... joe (Mar 12)
- Re: Reuters: Microsoft to give holes info to Uncle Sam first - responsible vendor notification may not be a good idea any more... J.A. Terranson (Mar 12)
- Re[2]: Reuters: Microsoft to give holes info to UncleSam first - responsible vendor notification may not be a goodidea any more... phased (Mar 13)
- Re: Reuters: Microsoft to give holes info to Uncle Sam first - responsible vendor notification may not be a good idea any more... James Tucker (Mar 13)
- Re: Reuters: Microsoft to give holes info to Uncle Sam first - responsible vendor notification may not be a good idea any more... Vincent van Scherpenseel (Mar 13)