[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: supadupa at gmail.com (Scott Edwards)
Subject: Reuters: Microsoft to give holes info to Uncle
Sam first - responsible vendor notification may not be a good
idea any more...
On Sat, 12 Mar 2005 13:41:26 +0100, Tamas Feher <etomcat@...email.hu> wrote:
> http://www.reuters.com/newsArticle.jhtml?type=technologyNews&storyID=7
> 876004&src=rss/technologyNews
>
> Microsoft to Offer Patches to U.S. Govt. First
> by Reuters, 11 Mar 2005
[snip]
> Under a plan to take effect later this year, Microsoft will give the
> U.S. Air Force versions of software "patches" to fix serious security
> vulnerabilities up to a month before they are available to others,
> the paper said.
[snip]
Isn't the real issue we're trying to address, is that the US Govt's
advance knowledge of this information, does not serve the masses?
My strongest opinion is to provide it for everyone at the same time.
This advance notice has some indication that someone does not have the
(wo)man power and action plan on how to handle these updates. Seems
like what ever reason they have, is a complete cop-out (Feel free to
enlighten me Uncle Sam, I honor thee, but why are thou so special?).
Two words for Uncle Sam. "Cowboy up!". Sure MSFT says the updates
will only be stalled to the public, "up to a month", but that could be
any amount of time.
And this whole nonsense of "black hats only find these holes from
updates" is just that, nonsense. How many times have we seen a
website turn a browser into a mushroom cloud? I mean, we've NEVER
seen a program crash by visiting websites, right? Reproduce that, and
you've got yourself the makings of an exploit. What if the next
discovered hole is a worm writer? (I'm not meaning to suggest that
internet/www are not the only "critical updates" of concern in this
topic, but it's the easiest to illustrate)
Thank you,
Scott Edwards
--
Daxal Communications - http://www.daxal.com
Surf the USA - http://www.surfthe.us
Powered by blists - more mailing lists