Microsoft calls for responsible disclosure of security flaws

Microsoft says it continues to support responsible disclosure of security vulnerabilities after a researcher went public with a zero-day vulnerability in Windows XP and Windows Server 2003.

Tavis Ormandy published his advisory, including exploit code, just five days after reporting the vulnerability to Microsoft.

Ormandy defended the decision to make a full disclosure, saying: "I've concluded that there is a significant possibility that attackers have studied this component, and releasing this information rapidly is in the best interest of security."

But Microsoft said it continues to encourage responsible disclosure.

"Reporting vulnerabilities directly to vendors without further disclosure helps ensure that customers receive comprehensive, high-quality updates before cybercriminals learn of - and work to exploit - a vulnerability," a Microsoft spokesman said.

"Responsible disclosure protects the computer ecosystem and individual computer users from harm," he added.

Microsoft is investigating the public disclosure of the vulnerability and said it will release more information once the extent of the issue has been determined.
