Full Disclosure mailing list archives
RE: Reuters: Microsoft to give holes info to UncleSam first - responsible vendor notification may not be a good idea anymore...
From: "J.A. Terranson" <measl () mfn org>
Date: Sat, 12 Mar 2005 15:34:50 -0600 (CST)
On Sat, 12 Mar 2005, joe wrote:
I didn't see Tamas' original note but this program isn't an early patch release program. It is a program for beta testing patches just like the other beta's MS and other companies do. It is simply locked down considerably more due to the possible issues surrounding it. The patches could definitely change prior to actual public launch.
Nevertheless, you and I both know that this program will be used as an early patch release program, and will in fact serve as such once the soon-to-be-released patches are finalized on these preliminary machines.
As such, the patches aren't intended to be loaded on production equipment
HahahahAHAHAHahahhaAAhhAahahaha!!!! Microsoft? Not intended for production machines??? ROFL!
and in fact it is explicitely stated to not load it in production if I recall corrrectly. The intent is for external customer test labbing to find the most egregious issues and functionality breaks they may cause so it doesn't impact the user community at large. The folks brought into the beta are the ones most likely to test the patches on a wide variety of scenarios.
As someone who has seen this program from the inside, I am here to tell you you are WRONG. That' spelled W-R-O-N-G, just in case you were not sure. These programs MAY have as input large "shops" which can help test, but it also includes "priority" customers (Govt, the critical 8 in infrastructure, etc.), most of whom will *never* provide any feedback data to the patch supplier.
Unlike many of the other betas, you have an actual testing and feedback requirement and have to agree to that requirement before being allowed in.
Then we are talking about different programs. There ARE early release programs, and this reads as one.
I previously was a consultant at a large company that was asked if they wanted to be in this program and we declined because we couldn't handle the additional workload that it required as a participant. We just didn't have the resources available.
OK, lets assume that this is a different program. I stand by my assertion that an early patch release program that caters solely to government and the critical 8 is good public policy (and currently implemented).
Here is a link that maybe makes the test nature a little more clear http://www.internetnews.com/security/article.php/3489586
-- Yours, J.A. Terranson sysadmin () mfn org 0xBD4A95BF "Quadriplegics think before they write stupid pointless shit...because they have to type everything with their noses." http://www.tshirthell.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://www.secunia.com/
Current thread:
- Re: Reuters: Microsoft to give holes info to Uncle Sam first - responsible vendor notification may not be a good idea any more..., (continued)
- Re: Reuters: Microsoft to give holes info to Uncle Sam first - responsible vendor notification may not be a good idea any more... Valdis . Kletnieks (Mar 12)
- Re: Reuters: Microsoft to give holes info to Uncle Sam first - responsible vendor notification may not be a good idea any more... Devdas Bhagat (Mar 12)
- Re: Reuters: Microsoft to give holes info to Uncle Sam first - responsible vendor notification may not be a good idea any more... J.A. Terranson (Mar 12)
- Re: Reuters: Microsoft to give holes info to Uncle Sam first - responsible vendor notification may not be a good idea any more... Devdas Bhagat (Mar 12)
- Re: Reuters: Microsoft to give holes info to Uncle Sam first - responsible vendor notification may not be a good idea any more... J.A. Terranson (Mar 12)
- Re: Reuters: Microsoft to give holes info to Uncle Sam first - responsible vendor notification may not be a good idea any more... Valdis . Kletnieks (Mar 12)
- Re: Reuters: Microsoft to give holes info to Uncle Sam first - responsible vendor notification may not be a good idea any more... J.A. Terranson (Mar 12)
- Re[2]: Reuters: Microsoft to give holes info to UncleSam first - responsible vendor notification may not be a good idea anymore... phased (Mar 13)
- Re: Reuters: Microsoft to give holes info to UncleSam first - responsible vendor notification may not be a good idea anymore... Vincent Archer (Mar 14)
- RE: Reuters: Microsoft to give holes info to UncleSam first - responsible vendor notification may not be a good idea anymore... J.A. Terranson (Mar 12)
- Re[2]: Reuters: Microsoft to give holes info to UncleSam first - responsible vendor notification may not be a goodidea any more... phased (Mar 13)
- Re: Reuters: Microsoft to give holes info to Uncle Sam first - responsible vendor notification may not be a good idea any more... James Tucker (Mar 13)
- Re: Reuters: Microsoft to give holes info to Uncle Sam first - responsible vendor notification may not be a good idea any more... Vincent van Scherpenseel (Mar 13)