Full Disclosure mailing list archives
RE: Reuters: Microsoft to give holes info to UncleSam first - responsible vendor notification may not be a good idea anymore...
From: "joe" <mvp () joeware net>
Date: Sat, 12 Mar 2005 13:03:50 -0500
I didn't see Tamas' original note but this program isn't an early patch release program. It is a program for beta testing patches just like the other betas MS and other companies do. It is simply locked down considerably more due to the possible issues surrounding it. The patches could definitely change prior to actual public launch. As such, the patches aren't intended to be loaded on production equipment and in fact it is explicitly stated to not load it in production if I recall correctly.

The intent is for external customer test labbing to find the most egregious issues and functionality breaks they may cause so it doesn't impact the user community at large. The folks brought into the beta are the ones most likely to test the patches on a wide variety of scenarios. Unlike many of the other betas, you have an actual testing and feedback requirement and have to agree to that requirement before being allowed in.

I previously was a consultant at a large company that was asked if they wanted to be in this program and we declined because we couldn't handle the additional workload that it required as a participant. We just didn't have the resources available.

Here is a link that maybe makes the test nature a little more clear:
http://www.internetnews.com/security/article.php/3489586

-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of J.A. Terranson
Sent: Saturday, March 12, 2005 12:15 PM
To: Tamas Feher
Cc: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Reuters: Microsoft to give holes info to UncleSam first - responsible vendor notification may not be a good idea anymore...

This "story" really just reflects what has been going on in the real world for some time now. Microsoft, Cisco, Juniper, etc., all have both vested interests and public policy interests in notifying those who would be most affected first.
This is good public policy as well: if the national infrastructure is compromised, we are all up shit's creek; if Joe's Corner Store is compromised, only Joe and possibly Joe's small geographic user base is hosed. Decrying this shows you have not thought the problem through, Tamas.

--
Yours,
J.A. Terranson
sysadmin () mfn org
0xBD4A95BF

"Quadriplegics think before they write stupid pointless shit...because they have to type everything with their noses."
http://www.tshirthell.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/