August 7, 2008 4:30 PM PDT

Microsoft to seek credit for finding vulnerabilities

Posted by Elinor Mills

LAS VEGAS--Microsoft is jumping into the responsible disclosure game.

The company announced at the Black Hat security conference on Thursday that it is formalizing its program of informing third-party software vendors of security problems with products that run on top of Windows.

"We've seen the threat environment change," said Andrew Cushman, who runs the Microsoft Security Response Center.

Vista is more secure than XP and has fewer infections, he said. In addition, there are an increasing number of third-party exploits, and fewer browser-based exploits than in third-party software, he added.

The MSRC already reports vulnerabilities to other companies, but now it is asking for recognition in finding the vulnerability. Microsoft will not post advisories on any of the third-party security issues it finds, like it does with vulnerabilities found in its own software, Cushman said.

The issue of responsible disclosure is constantly being debated, with vendors often arguing that researchers are too quick to go public when they find a vulnerability and researchers countering that if they didn't go public the vendors would drag their heels on fixing the problem.

"Microsoft is in a unique position to help in that dimension," he said. "We bring a little different gravitas to the table. I think we can actually change the dynamic around responsible disclosure."

Earlier in the week, Microsoft said it would be giving third-party vendors a sneak peek at the technical details of the vulnerabilities in Microsoft software before the company releases its monthly "Patch Tuesday" updates. The company also announced it would help companies prioritize the vulnerabilities in its updates.

Click here for full coverage of Black Hat 2008.

Topics:

News

Tags:

Black Hat 2008,

Microsoft,

security,

disclosure

Bookmark:
Digg
Del.icio.us
Reddit
Recent posts from News - Security
Security firm spots Chrome 'SaveAs' flaw
Microsoft: Expect four bulletins on Patch Tuesday
Protesters decry NASA hacker's extradition
Chrome suffers first security flaw
Microsoft proposes age-limited digital playgrounds
Add a Comment (Log in or register) 5 comments
by jef5623 August 7, 2008 11:28 PM PDT
i think Microsoft will have to plan Vista's security keeping in view the 7th age of computing.
Reply to this comment View reply
by benjaminstraight August 8, 2008 3:02 AM PDT
Good that Microsoft is proactively being part of the solution.
Reply to this comment
by smokinmunky August 8, 2008 6:10 AM PDT
Good on MS. At least they're not afraid to talk about their problems unlike the non communication coming out of some other companies. cough cough apple cough
Reply to this comment
by The_Decider August 11, 2008 11:09 PM PDT
Funny how this "minor" tidbit didn't show up on CNET: http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1324395,00.html

"The attacks themselves are not based on any new vulnerabilities in IE or Vista, but instead take advantage of Vista's fundamental architecture and the ways in which Microsoft chose to protect it."
Reply to this comment
Powered by Jive Software
advertisement

Latest tech news headlines

Resource center from News.com sponsors
Same great protection. Reengineered for speed.
Norton Internet Security™2008

Click Here!
Norton still delivers award-winning protection and now uses 83% less memory and scans 48% faster than the competitor average. Get a FREE trial today!

Click Here!
Norton Beats the Competition

See how Norton Internet Security™2008 uses less memory, while scanning and booting faster than the competitor average.

Norton Protection Blog

Read the latest from our security experts as they help protect people from evolving online threats.

Protect Your Bluetooth Connection

Don't let fraudsters sink their teeth into your Bluetooth connection.

Vishing - What you need to know

Meet the latest ID theft scam: Voice Phishing.

Take Norton for a Test Drive Today!

Act now to get your FREE trial of Norton Internet Security 2008.

About News - Security

Online security is threatened by more than hacking and phishing attempts. Check here for the latest updates on software vulnerabilities, data leaks, and rapidly spreading viruses--and learn how to protect your systems.

Add this feed to your online news reader

News - Security topics

Featured blogs

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right

  • News - Business Tech

    Chrome's JavaScript challenge to Silverlight

    The advent of Google's Chrome browser, software pros say, should spur a big speedup for JavaScript, which would raise its standing against Microsoft's Silverlight technology.

  • Gallery

    Photos: Top 10 reviews of the week

    Here are CNET Reviews' 10 favorite items from the past week, including the TiVo HD XL, Sony Cyber-shot DSC-H50, and the Dish Network's newest digital TV converter box.

  • News - Apple

    Apple watchers spot 'iPod Nano' pix, iTunes hints

    The rumor mill has long been predicting a longer, leaner new version of the iPod Nano, and now it's conjuring up some pictures.

  • Outside the Lines

    EIC Squared: Chrome, iPods, and a Dell-Salesforce union

    On this week's EIC Squared podcast CNET's Dan Farber and ZDNet's Larry Dignan discuss Google's latest rocket launch--the Chrome browser--as well as Apple's iPod event next week and a Dell-Salesforce.com union.

  • Video

    Katie Couric reflects on first Webcast

    The political conventions are over and so are CBS Evening News anchor Katie Couric's first series of Webcasts. CNET's Kara Tsuboi sat down with Couric on the final night of the Republican National Convention to discuss what she liked about Webcasting, some of her most memorable guests, and whether TV news will still be around by the next round of conventions.

  • News - Digital Media

    At 10 years old, whither Google?

    Daniel Sieberg of CBS News looks at how the company grew exponentially from start-up to superstar and part of our culture, but what's ahead?

  • Video

    YouTube plays party politics

    During the presidential campaigning four years ago, YouTube didn't even exist. Now it's a tool candidates must master to get their message across. CNET's Kara Tsuboi stops by the YouTube upload booths at the Democratic and Republican conventions to find out why Google's video site has such a big presence in Denver and St. Paul, Minn.

  • News - Gaming and Culture

    Are Demo and TechCrunch50 fragmenting their audiences?

    With both events scheduled to start Monday, many press, as well as venture capitalists and others are having to choose which one to attend.

  • News - Cutting Edge

    Execs predict next Google-like tech

    On eve of company's 10-year anniversary, researchers and business pundits speculate about what technologies might someday have as much impact as Google.

  • Gallery

    Images: The art of 'Spore' prototypes

    Will Wright and his Maxis team worked on dozens of prototypes to test the elements of their soon-to-be-released evolution game. Here's a sampling.

  • Webware

    Mozilla releases second Firefox 3.1 alpha

    Added features include support for a new video tag element introduced with the HTML 5 standard, along with some speed enhancements.

  • Green Tech

    Duke Energy to invest in mini solar power plants

    Can hundreds of rooftop solar panels collectively operate like a central power plant? Duke Energy launches $100 million distributed solar program to find out.

advertisementT-Mobile@Home $10-a-month home phone Click Here
News
Latest news
Business tech
Green tech
Wireless
Security
Media
Popular topics
Apple iPhone
Apple iPod
Dell
PlayStation 3
Wii
Windows Vista
CNET sites
CNET TV
Downloads
Forums
News
Reviews
Site map
More information
Newsletters
Corrections
Customer Help Center
RSS
What's new
About CNET