Microsoft's Responsible Vulnerability Discosure, The New Non-Issue

[InfoSec News <isn () c4i org>]

Forwarded from: security curmudgeon <jericho () attrition org>

http://www.attrition.org/security/rant/z/ms-disclose.html

Microsoft's Responsible Vulnerability Disclosure, The New Non-Issue
Sat Nov 10 03:00:48 MST 2001
by Jericho (security curmudgeon)

For almost a decade, a debate over the concept of Full Disclosure has
reared its ugly head. Carried out on BBSs, newsgroups, security
conferences, mail lists, parties, coffee shops and everywhere else,
the Full Disclosure debate can be called "long standing" to say the
least. As with everything in the computer industry before, Microsoft
is doing nothing new here. Like many times before, Microsoft is
re-inventing the wheel and opting for something other than round.

The debate and issues at hand are complex and go back a long way.
Short of writing a small book, I can't address every issue I would
like to. The following article addresses some of the bigger issues.

[...]


(please see the HTML copy for the full article and snazzy images!)



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.