back to article Microsoft imposes security disclosure policy on all workers

Microsoft has implemented a new company policy requiring all employees to follow a detailed set of procedures when reporting security vulnerabilities in third-party products. The practices are an evolution of the coordinated vulnerability disclosure doctrine it proposed in July. They're intended to simplify communication among …

COMMENTS

This topic is closed for new posts.

Microsoft internal security policies

It is great to see that Microsoft is actively embracing the need to drive positive change in building secure software in the Industry. While there is still a long way to go, its a great step forward. I wish newer entrants learn from the mistakes made by Microsoft and other product vendors ten years ago. I wrote about it in my post "Facebook faces the same security threats that Microsoft did years ago?" @ http://luciusonsecurity.blogspot.com/2011/03/facebook-faces-same-security-threats.html

0
0
Pint

20 Days Old news

"The policy (MS Word document here) applies to ..."

The Security Disclosure Policy is in MS Word ? Good one :o)

0
0
Happy

hehe

mmmm, was wondering about that one as well...

0
0
Bronze badge
Gates Horns

Microsoft should be ashamed! ROFLMAO

Big weapon mentality of Microsoft FAILS again. Possible solutions:

1. Hold Microsoft legally liable for damages caused by misuse of the poorly designed weapons. (Nonstarter and ROFLMAO.)

2. Create REAL competition in the OS market, for example by dividing Microsoft into separate competing companies. (Ditto squared and cubed.)

Oh well. Whatever you can say about Microsoft's so-called software, you have to admit that their economic model works. I've concluded that the most important failure of the OSS alternatives is that their economic models are inferior. So here's a suggested alternative economic model:

http://eco-epistemology.blogspot.com/2009/11/economics-of-small-donors-reverse.html

0
4
FAIL

Did you actually read the article?

Given that the article is about security bugs that Microsoft researchers discover in other people's code, I think it is pretty clear you didn't. I think the FAIL is fairly and squarely in your court on this occasion.

1
0
Silver badge

Mission EMPossible?

"Under the policy, Microsoft employees who discover vulnerabilities will report them privately to the third-party organizations responsible. Encrypted email is the favored medium, but only after the employee has identified the right third-party person to receive the report. "

Good luck with finding that right third-party person.

0
0

Microsoft...

...and Security doesn't go well together.

The only thing that's secure is a locked-out admin password on a Win2k3 domain controller - with no other admin accounts available.

0
0
This topic is closed for new posts.

Forums