Microsoft Admits to Hiding Flaw Details

Microsoft Admits to Hiding Flaw Details 147

Posted by samzenpus on Thursday April 20, 2006 @07:57AM from the on-a-need-to-know-basis dept.

Spongeform writes "eWeek has an interview with a Microsoft security official admitting to hiding details on software vulnerabilities that are discovered internally. The reason? Microsoft believes that full disclosure of every security-related product change only serves to aid attackers. However, companies using host-based IPS that rely on flaw information to build signatures are basically left at risk because of Microsoft's silent fixes."

Microsoft Admits to Hiding Flaw Details

This discussion has been archived. No new comments can be posted.

Search 147 Comments Log In/Create an Account

Comments Filter:

Re:scandal! (Score:3, Informative)

by perp ( 114928 ) writes: on Thursday April 20, 2006 @08:34AM (#15163873)

Doesn't SLASH have a similar policy?
Au contraire. The RFPolicy [wikipedia.org] gives the vendor five working days to respond to a communication from the discoverer of a vulnerability, after which the discoverer can go public at any time. The discoverer and vendor are encouraged to work together to make a joint statement of the vulnerability once there is a fix.

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Microsoft Admits to Hiding Flaw Details 147

Microsoft Admits to Hiding Flaw Details More Login

Microsoft Admits to Hiding Flaw Details

Re:scandal! (Score:3, Informative)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot