Security

Former MS (now FF) Security Honcho: MS Hides Holes

Submitted by
theranjan
theranjan writes "When Jeff Jones, a Security Strategy Director at Microsoft, decided to compare Internet Explorer security vulnerabilities with those of Mozilla Firefox, and decided to publish his results showing that Internet Explorer was more secure, he perhaps forgot that the Head Security Strategist of Mozilla, Window Snyder, was a former MS employee, in fact the security lead for the Service pack of Windows XP and Server. In a rebuttal of the study, Window Snyder said that the number of vulnerabilities publicly acknowledged was just a "small subset" of all vulnerabilities fixed internally. The vulnerabilities found internally are fixed in service packs and major updates without public knowledge. This is probably one of the first times that we have confirmation from one of Microsoft's former workers that this practice is routinely followed in Microsoft. This also confirms that the studies performed or referenced by Microsoft touting itself as the safest Operating system, comparing the vulnerabilities between OSes, need to be taken with bucketfuls of salt. Finally, Window speaks out against the practice of counting bugs, stating plainly that "If we as an industry would just acknowledge that counting bugs is useless then vendors could feel safe talking about what they are doing to protect users" and "We're not building fixes for our PR team, we're building them for our users. Go ahead and count.""

  • sorry, i hate microsoft at least 10x as much as the next guy, but this is not something bad.
    every decent software company fixes a lot more bugs than they have to acknowledge publicly, it's normal. sometimes there are hundreds or thousands of little fixes that go into a large release.

    i wish there were something real to criticize here. there's not.
