Microsoft seeks credit for finding third-party flaws
Published: 08 Aug 2008 08:29 BST
Microsoft announced at the Black Hat security conference in Las Vegas on Thursday that it is formalising its programme of informing third-party software vendors of security problems with products that run on top of Windows.
"We've seen the threat environment change," said Andrew Cushman, director of the Microsoft Security Response Center.
The Microsoft Security Response Center already reports vulnerabilities to other companies, but now it is asking for recognition in finding the vulnerability. Microsoft will not post advisories on any of the third-party security issues it finds, as it does with vulnerabilities found in its own software, Cushman said.
Read this
Protect your mobile devices in any location
Forget the recent hype about about Chinese hackers — users and organisations should be securing mobile systems as a matter of course, so follow these tips to find out how
The issue of responsible disclosure is under constant debate, with vendors often arguing that researchers are too quick to go public when they find a vulnerability, and researchers countering that, if they didn't go public, the vendors would drag their heels on fixing the problem.
"Microsoft is in a unique position to help in that dimension," he said. "We bring a little different gravitas to the table. I think we can actually change the dynamic around responsible disclosure."
Earlier in the week, Microsoft said it would be giving third-party vendors an advance look at the technical details of the vulnerabilities in Microsoft software before the company releases its monthly 'Patch Tuesday' updates. The company also announced it would help companies prioritise the vulnerabilities contained in its updates.
Credit: Microsoft to seek credit for finding vulnerabilities from CNET News
Did you find this article useful?
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
