RE: IE Crashing MICROSOFT RESPONSE

[zeno <zeno () cgisecurity net>]

Below is a email I got from microsoft. I didn't want credit but I find it amusing
that they will refuse to mention who discovered a security problem unless they are contacted
first. Which means if I found a remote IIS hole and emailed other mailing lists first 
as far as microsoft historical documents go I wasn't even involved and they will not acknowledge
my findings. If I email microsoft of the problem first then I am mentioned.
I honestly don't care for a mention otherwise I would have just released a advisory



Anyone else find this a tad wackey? So microsoft is reinventing history now to?


- zeno () cgisecurity com


> Thanks for your note and for bringing this to us.  We appreciate that.
>
> As we noted in our bugtraq post, we are looking into this issue.  As
> always, if we will take appropriate action based on our investigation.
>
> Unfortunately, you chose to take this issue public before we had a
> chance to fully investigate and develop a patch, if needed. I'm afraid
> that because of this, we won't be able to credit you in any bulletin
> that might result from your report.  This is outlined in our
> acknowledgement policy at:
>
> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/secur
> ity/bulletin/policy.asp
>
> We appreciate your bringing this to us, and hope that next time you'll
> work with us in a way that will allow us to credit you in any bulletin
> that might result.
>
> Thank you once again for bringing this to us.
>
> Regards,
> secure () microsoft com