funsec mailing list archives

Re: standards status in the industry - opinion?


From: Gadi Evron <ge () linuxbox org>
Date: Sun, 08 Jan 2006 00:20:44 +0200

Matthew Murphy wrote:

> Fifth, with that decided, the community is going to have to force
> Microsoft's hand.  The way to persuade Microsoft to patch in a timely
> fashion is to seriously undercut the organizations you cite.  The
> way to do that is to disclose vulnerabilities publicly when Microsoft
> fails to patch them in a reasonable time (i.e. 3 months).  We're not

In other words, full disclosure.

I believe Microsoft actually is doing a far better job of working with researchers these days... but I suppose every researcher has to decide that for himself.

After seeing what one 0day in a CLIENT did, I think I like the outcome, but not as a trend.