Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Hotmail & Passport (.NET Accounts)

From: Georgi Guninski <guninski () guninski com>
Date: Sat, 10 May 2003 19:11:26 +0300
Nick FitzGerald wrote:
Whether you like it or not, MS has a policy governing acknowledgement of vulnerability discoverers/reporters: 

   http://www.microsoft.com/technet/security/bulletin/policy.asp
Back in around 1997/1999 ms credited (almost) anyone who bothered to disclose a bug - check their bulletins. After then this changed. My explanation is that they realized there are *a lot* of bugs left and tried to pressure people who bothered to disclose bugs to them to keep hush until they fix the bugs. 

My 2 stotinki,
Georgi


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: