Microsoft has launched a blog to provide information about mitigations and workarounds for vulnerabilities in its software, which it says it will use to share more in-depth technical information about vulnerabilities serviced by its regular security updates.
In the Security Vulnerability Research and Defense blog, security researchers at the software giant will give technical information about vulnerabilities fixed on "Patch Tuesday", Microsoft's monthly security patch cycle. Comments to posts, said Microsoft, will not automatically appear on the blog. Instead, IT professionals are invited to email questions and feedback to the researchers.
"Frankly, we're concerned that if comments are allowed, we may see some inappropriate comments," wrote one Microsoft researcher.
The software giant's New Year's resolution is to reveal more of its security practices. "During our vulnerability research, we discover a lot of interesting technical information," one of the researchers anonymously wrote in a blog post. "We're going to share as much of that information as possible here because we believe that helping you understand vulnerabilities, workarounds and mitigations will help you more effectively secure your organisation."
Information provided will include workarounds that are "not 100 percent effective in every situation", warned the researchers, who said that security bulletins and advisories remain "the ultimate authority". Other information will include "super-complicated workarounds that work but cannot be recommended to all customers", and advice on security triage for particular vulnerabilities.
Read this
Photos: Stepping inside Microsoft's war room
Painful past episodes led to the creation of the Security Response Center, where teams take on the task of hunting bugs and keeping customers informed
Matt Asay, a general manager at open-source web-content management company Alfresco, wrote that providing more security information in the blog was a "good step for Microsoft to take".
"Security isn't something to hide," Asay wrote in a CNET News.com blog post. "Users are better off knowing more in most cases, rather than less. Knowledge, especially when it comes to security, is power."
The Microsoft security researchers who will contribute to the blog are Damian Hasse, lead security software engineer at Microsoft; Jonathon Ness, who heads the Secure Windows Initiative defence team; and Greg Wroblewski, Microsoft senior security engineer.
The Security Vulnerability Research and Defense blog launched on Thursday last week, and joins other Microsoft security blogs such as %41%43%45%20%54%65%61%6d, a penetration testing blog, and the Anti-Malware Engineering Team blog.
Talkback
Immediately following the last "patch Tuesday", my XP partition will open with no icons, on the desktop, or I will get a message saying,"windows explorer has encountered a problem and has to shut down." Luckily I only use XP for games, with PCLinuxOS being my main operating system.
I saw an ad for a tee shirt that said," Worlds best computers: Linux for servers. MACs for graphics. Windows for solitaire."