Microsoft calls for responsible disclosure of security flaws

11 June 2010

Microsoft says it continues to support responsible disclosure of security vulnerabilities after a researcher went public with a zero-day vulnerability in Windows XP and Windows Server 2003.

Tavis Ormandy published his advisory, including exploit code, just five days after reporting the vulnerability to Microsoft.

Ormandy defended the decision to make a full disclosure, saying: "I've concluded that there is a significant possibility that attackers have studied this component, and releasing this information rapidly is in the best interest of security."

But Microsoft said it continues to encourage responsible disclosure.

"Reporting vulnerabilities directly to vendors without further disclosure helps ensure that customers receive comprehensive, high-quality updates before cybercriminals learn of – and work to exploit – a vulnerability", a Microsoft spokesman said.

"Responsible disclosure protects the computer ecosystem and individual computer users from harm", he added.

Microsoft is investigating public disclosure of the vulnerability and said it will release more information once the extent of the issue has been determined.

This story was first published by Computer Weekly
