Microsoft pulled this same idiotic crap when the vulnerability behind Code Red was discovered in 2001. My suggestion to the shills in (and for) Redmond is that they shut up and fix their shoddy software.
And let's not forget Steve Ballmer's moronic statement on how security issues should be handled...
To: Prime Choice
I tend to agree with MS on this. Others in the business that find flaws in someone's software shouldn't make it public for the very reasons stated. It is sad to hear a bunch of whiners that can't do the great things that MS has done.
2 posted on
11/11/2004 2:32:50 PM PST by
stockpirate
(Tagline is hung over from the election parties.)
To: Prime Choice
If Microsoft put a bounty on each security flaw found, and made it a substantial sum, Windoze would soon be hackproof.
3 posted on
11/11/2004 2:32:52 PM PST by
Yo-Yo
To: Prime Choice
Sorry, but Microsoft has a point. Simply releasing info about a security breach before a fix has been found is irresponsible. There ought to be a "decent interval" between the discovery of the breach and its public revelation. I think a month is about right. The discoverer should first notify the software maker, then promise to hold off for at least a month before announcing the problem. This strikes me as a reasonable compromise that protects the public's right to know about the problem, but also minimizes the risk that the problem will be exploited by some scummy computer vandal.
4 posted on
11/11/2004 2:34:41 PM PST by
ArcLight
To: Prime Choice
"We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests, by helping to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities with no exposure to malicious attackers while the patch is being developed."the vendors best intrests in COVERING UP the flaw so they can keep selling the crap.
15 posted on
11/11/2004 3:16:19 PM PST by
ChefKeith
(Life is GREAT with CoCo..........NASCAR...everything else is just a game!(Except War & Love))
To: Prime Choice
Microsoft's assumptions are:
- A vulnerability that is not announced is not being exploited.
- Their users are helpless until a patch is released.
Nonsense.
- Never assume that a vulnerability that is not announced is not being exploited.
- Users can render themselves protected by switching to another browser or by using IE with extra caution. These are a reasonable options and I have a right to know that I need them without delay.
To: Prime Choice
According to Microsoft, trying to figure out what makes their software crash is a crime.
17 posted on
11/11/2004 4:20:17 PM PST by
E. Pluribus Unum
(Drug prohibition laws help fund terrorism.)
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson