Thor Larholm
The fact that Microsoft has now started to find bugs on its own seems promising, but it needs to be more than a one-time occurrence. Microsoft needs to rethink fundamental parts of its security processes, as it is too easy for outsiders, with no access to Microsoft's closed source, to find new security holes,
The longer it takes Microsoft to address a known vulnerability, the higher the probability that one of the 'bad guys' will find it and release the details to the public. Microsoft has a responsibility to get these fixes out quickly.
This all goes back to the responsible disclosure debate.
Microsoft is no longer the worst offender when it comes to sitting on patches. Oracle has taken that crown. But I think there's still a culture at Microsoft that security is a PR issue that must be handled delicately. And that's a dangerous culture.