23/Aug/2006 9:03AM |
|
I've made no secret of the fact that I'm not the biggest fan of the practice of 'responsible disclosure', at least the version where the vendor has all the control and can cry foul whenever a researcher discloses anything. I believe that Microsoft and other vendors use responsible disclosure as a shield to prevent researchers from notifying the public about vulnerabilities and keep everything running on the vendor's schedule. Apparently this is exactly what is happening in a dispute over a vulnerability introduced by a patch earlier this month from Microsoft, MS06-042. This Internet Explorer patch fixed a large number of vulnerabilities, some published by Microsoft, some fixed without notifying the public, while it also created a new vulnerability that could crash IE 6 and allow a malicious web site to execute arbitrary code on the target computer. eEye discovered the vulnerability, notified Microsoft and sat back to wait for a patch. The patch was apparently ready several days ago and was supposed to be released yesterday, but was apparently delayed due to problems with the patch and SMS. Not a problem with the patch, just a problem with how it's being distributed to big businesses.
|
23/Aug/2006 8:00AM |
|
Microsoft and Citrix plan to develop a new line of appliances that will allow IT administrators to more easily drop business apps into branch offices.
|
23/Aug/2006 6:02AM |
|
It's a trap! Or it's IT Blogwatch, in which Microsoft invites Mozilla to the party. Not to mention Snakes on a... no, wait, cats in a record store... Matt Mondok has the scoop: Microsoft wants to help in the development of Firefox. It sounds pretty scary, doesn't it?