Re: MS to force IT-security censorship

[InfoSec News <isn () c4i org>]

Forwarded from: Darren Reed <darrenr () reed wattle id au>
Subject: Re: [ISN] MS to force IT-security censorship

In some email I received from InfoSec News, sie wrote:

[...]

> Worse, we have here a recipe for establishing a monopoly on
> vulnerability data like the little cabal of greedy insiders who
> run the anti-virus industry, and who control access to information
> with a stranglehold which protects nothing so much as their
> revenue stream.

The question you have to ask yourself is this: is the information M$
will be providing any better than what you get via bugtraq ?  If the
M$ information is still largely dependant on independant people
reporting things to M$ as well as bugtraq, it's hard to see how they
are adding anything of value.  If M$ are so intent on creating a
special class of priviledged users then they may well find themselves
on the raw end of the stick - getting reports after (or at the same
time as) bugtraq or some other forum specifically setup for this
purpose.

That is unless there have been (a) gaping huge security holes which
have not been found by hackers and have been closed, on the quiet, by
M$ or (b) reports of such which have gone to M$ and not bugtraq.

Microsoft is forgetting, I think, who they owe their bug reports to
and that is to say it's largely not Microsoft's internal R&D.

Darren



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.