Post #11,911
10/5/01 11:10:24 AM
|
Can I have a Security forum again? Please?
Pretty please with sugar on top?
First item follows:
That's her, officer! That's the woman that programmed me for evil!
|
Post #11,912
10/5/01 11:12:44 AM
|
"Cost and effect" is usually a strength of MS..why not here?
The responsibility for Microsoft's products rests with Microsoft alone, and we take that responsibility very seriously. However, there has traditionally been an unwritten rule among security professionals that the discoverer of a security vulnerability has an obligation to give the vendor an opportunity to correct the vulnerability before publicly disclosing it. This serves everyone's best interests, by ensuring that customers receive comprehensive, high-quality patches for security vulnerabilities but are not exposed to malicious users while the patch is being developed. Once customers are protected, public discussion of the vulnerability is entirely in order, and helps the industry at large improve its products.
Many security professionals follow these practices, and Microsoft wants to single them out for special thanks. The acknowledgment section of our security bulletins is intended to do this. When you see a security professional acknowledged in a Microsoft Security Bulletin, it means that they reported the vulnerability to us confidentially, worked with us to develop the patch, and helped us disseminate information about it once the threat was eliminated. They minimized the threat to customers everywhere by ensuring that Microsoft could fix the problem before malicious users even knew it existed.
If MS had any brains, they would pay some piddling sum to people who find security holes and report them first to Microsoft. If anyone is in a position to profit from this, it's MS--they're already seen as a monolith, so getting a "thank you" becomes rapidly less meaningful. And it wouldn't cost them any more than they're paying their security department now anyway... $50 each?
That's her, officer! That's the woman that programmed me for evil!
|
Post #11,914
10/5/01 11:25:44 AM
|
Hmmmm.
$50 for each security hole reported? Umm, wouldn't that tend to depress their stock prices as the money rapidly drains out of their stockpile into the hole finders' hands? Sheesh, they would end up in the red in no time.
:)
For every human problem, there is a neat, simple solution; and it is always wrong
-- H. L. Mencken, Mencken's Metalaw
|
Post #11,921
10/5/01 11:35:47 AM
|
Please...
... don't follow this up here...
Regards,
-scott anderson
|
Post #12,029
10/5/01 10:05:09 PM
|
Can't be *that* many holes
um, surely there can't be
Right?
Who knows how empty the sky is
In the place of a fallen tower.
Who knows how quiet it is in the home
Where a son has not returned.
-- Anna Akhmatova (1889-1966)
|
Post #11,924
10/5/01 11:50:01 AM
|
Like this example, which someone else reminded me of:
[link|http://cr.yp.to/qmail/guarantee.html|http://cr.yp.to/qmail/guarantee.html]
That's her, officer! That's the woman that programmed me for evil!
|
Post #11,920
10/5/01 11:35:20 AM
|
Well...
Ad Min paused for a moment's reflection. "Tricky," he said finally. "But can you do it?" Again, a significant pause. "Yes," said Ad Min, "I can do it." "There is an answer?" said Brewer with breathless excitement. "A simple answer?" added Lunkwill. "Yes," said Ad Min. "Life, the Universe, and a Security Forum. There is an answer. But," he added, "I'll have to think about it."
(seven and a half million years later)
The problem is that 1) we don't have a means of providing for forum headers yet and 2) I'm too busy today, and I'm leaving for a computer-free weekend immediately after work.
Maybe for now emulate Wade, and post the story in the Open Forum?
Regards,
-scott anderson
|
Post #11,922
10/5/01 11:46:43 AM
|
I only want one, with no header.
Just a generic Security forum in Area 51. One and only one for all time.
That's her, officer! That's the woman that programmed me for evil!
|
Post #11,926
10/5/01 11:52:37 AM
|
Done.
I trust you'll copy your stuff in there now?
Regards,
-scott anderson
|
Post #11,940
10/5/01 1:01:22 PM
|
But of course. :)
That's her, officer! That's the woman that programmed me for evil!
|