Security threats Toolkit

Story: Microsoft complains about 'irresponsible' security revelation

• 
• 

It is all very well for Microsoft to want to wait until they have a fix for a flaw before making it public. However, if one person has found the flaw and comes forward to report it to Microsoft, who is to say that somebody less scrupulous hasn't also already discovered it and is planning to exploit it before MS can get a patch out.

I don't care if MS has a patch ready when a weakness is found, I would rather have that information available so that I can protect myself and my customers in the best way possible until a patch *is* released.

Why are Microsoft so willing to put their customers machines and networks at risk for the sake of appearing to be able to respond to threats faster?

If aircraft have a potential problems, then they are grounded or put on restriction until a solution is found.

Everybody knows Microsoft have security problems with their software, and that they are working on improving the situation. Fine. But withholding information (lying by omission) isn't going to help their reputation.

And statements like this don't help inspire confidence in their products. If this one exploit has been discovered and released in a manner that Microsoft don't like, just how many more exploits and security holes are their, that somebody knows about and MS are "dealing" with? 0? 1? a hundred? thousands?

It isn't a comforting thought that you are putting your businesses IT in the hands of a company you can't trust!

• 
• 

• 
• 
• 

Full Talkback thread