Microsoft Makes Major Shift In Disclosure Policy

July 22nd, 2010 07:02 admin

Trailrunner7 writes “Microsoft is changing the way in which it handles vulnerability disclosures, now moving to a model it calls coordinated vulnerability disclosure, in which the researcher and the vendor work together to verify a vulnerability and allow ample time for a patch. However, the new philosophy also recognizes that if there are attacks already happening, it may be necessary to release details of the flaw even before a patch is ready. The new CVD strategy relies on researchers to report vulnerabilities either directly to a vendor or to a trusted third party, such as a CERT-CC, who will then report it to the vendor. The finder and the vendor would then try to agree on a disclosure timeline and work from there.” Here’s Microsoft’s announcement of the new strategy.

Source: Microsoft Makes Major Shift In Disclosure Policy
