Microsoft calls for responsible disclosure of security flaws


Warwick Ashford

Microsoft says it continues to support responsible disclosure of security vulnerabilities after a researcher went public with a zero-day vulnerability in Windows XP and Windows Server 2003.

Tavis Ormandy published his advisory, including exploit code, just five days after reporting the vulnerability to Microsoft.

Ormandy defended the decision to make a full disclosure, saying: "I've concluded that there is a significant possibility that attackers have studied this component, and releasing this information rapidly is in the best interest of security."

But Microsoft said it continues to encourage responsible disclosure.

"Reporting vulnerabilities directly to vendors without further disclosure helps ensure that customers receive comprehensive, high-quality updates before cybercriminals learn of - and work to exploit - a vulnerability," a Microsoft spokesman said.

"Responsible disclosure protects the computer ecosystem and individual computer users from harm," he added.

Microsoft is investigating public disclosure of the vulnerability and said it will release more information once the extent of the issue has been determined.
