| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <151b605b05041100141dc09d62@mail.gmail.com> Date: Mon Apr 11 08:15:15 2005 From: geggam at gmail.com (Dan Becker) Subject: How to Report a Security Vulnerability to Microsoft On Apr 11, 2005 1:56 AM, tuytumadre@....net <tuytumadre@....net> wrote: > > Mr. Guninski, although I am a huge fan of your work, I could not disagree > more. I am sending this email from Redmond where I was invited by Microsoft > to a small conference about security (it was mostly about what they go > through when stuff is reported). "M$", as you call it, is not trying to get > your 0days. They simply want to protect customers, and, although a large > part about it is profits, the concern is mostly (as far as I know) about the > users. Microsoft's biggest fear is wide-spread virus epidemics, so when a > critical vulnerability is fully disclosed without prior notice to MSRC, > Microsoft goes into an emergency state and everyone gets off of vacation > early to come in and help resolve the issue (as was the case with my > auto-sp2rc release in December, also called "Paul's Christmas" by MSRC > employees). Microsoft knows that security researchers hang out on lists like > fd a bugtraq, so what better place to eliminate t he common improper > disclosing ignorance than to provide clear, concise instructions directly on > the security hotspots? > > > > Regards, > > Paul Dumb question... since this is openly admitted as for profit you are posting this... what are you paying for exploits ? We all know others pay for them.
Powered by blists - more mailing lists