Microsoft imposes security disclosure policy on all workers Microsoft has implemented a new company policy requiring all employees to follow a detailed set of procedures when reporting security vulnerabilities in third-party products. The practices are an evolution of the coordinated vulnerability disclosure doctrine it proposed in July. They're intended to simplify communication among …
It is great to see that Microsoft is actively embracing the need to drive positive change in building secure software in the Industry. While there is still a long way to go, its a great step forward. I wish newer entrants learn from the mistakes made by Microsoft and other product vendors ten years ago. I wrote about it in my post "Facebook faces the same security threats that Microsoft did years ago?" @ http://luciusonsecurity.blogspot.com/2011/03/facebook-faces-same-security-threats.html
Big weapon mentality of Microsoft FAILS again. Possible solutions:
1. Hold Microsoft legally liable for damages caused by misuse of the poorly designed weapons. (Nonstarter and ROFLMAO.)
2. Create REAL competition in the OS market, for example by dividing Microsoft into separate competing companies. (Ditto squared and cubed.)
Oh well. Whatever you can say about Microsoft's so-called software, you have to admit that their economic model works. I've concluded that the most important failure of the OSS alternatives is that their economic models are inferior. So here's a suggested alternative economic model:
http://eco-epistemology.blogspot.com/2009/11/economics-of-small-donors-reverse.html
"Under the policy, Microsoft employees who discover vulnerabilities will report them privately to the third-party organizations responsible. Encrypted email is the favored medium, but only after the employee has identified the right third-party person to receive the report. "
Good luck with finding that right third-party person.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
