Region: Government      Corporate
You are not logged in    Login
IDS Emergencymanagement
  The Information Resource for the Emergency Management Industry!
Browse Emergency Products & Suppliers By Category
Browse Emergency Whitepapers By Sector
Browse Emergency Management Events By Category
Participation Options
Free Listing
Interested In Exhibiting?
Submit Events
About IDS Emergency
Submit News
Emergency Management Newsletter
News ReleaseClick Here to view News Releases
Microsoft Resolves to Open Security
News Source
Zd Net
January 03, 2008
Click HereView Participation Packages
Click Here
Add paper
   

Microsoft has launched a blog to provide information about mitigations and workarounds for vulnerabilities in its software, which it says it will use to share more in-depth technical information about vulnerabilities serviced by its regular security updates.

In the Security Vulnerability Research and Defense blog, security researchers at the software giant will give technical information about vulnerabilities fixed on "Patch Tuesday", Microsoft's monthly security patch cycle. Comments to posts, said Microsoft, will not automatically appear on the blog. Instead, IT professionals are invited to email questions and feedback to the researchers.

"Frankly, we're concerned that if comments are allowed, we may see some inappropriate comments," wrote one Microsoft researcher.

The software giant's New Year's resolution is to reveal more of its security practices. "During our vulnerability research, we discover a lot of interesting technical information," one of the researchers anonymously wrote in a blog post. "We're going to share as much of that information as possible here because we believe that helping you understand vulnerabilities, workarounds and mitigations will help you more effectively secure your organisation."

Information provided will include workarounds that are "not 100 percent effective in every situation", warned the researchers, who said that security bulletins and advisories remain "the ultimate authority". Other information will include "super-complicated workarounds that work but cannot be recommended to all customers", and advice on security triage for particular vulnerabilities.

Matt Asay, a general manager at open-source web-content management company Alfresco, wrote that providing more security information in the blog was a "good step for Microsoft to take".

"Security isn't something to hide," Asay wrote in a CNET News.com blog post. "Users are better off knowing more in most cases, rather than less. Knowledge, especially when it comes to security, is power."

The Microsoft security researchers who will contribute to the blog are Damian Hasse, lead security software engineer at Microsoft; Jonathon Ness, who heads the Secure Windows Initiative defence team; and Greg Wroblewski, Microsoft senior security engineer.

The Security Vulnerability Research and Defense blog launched on Thursday last week, and joins other Microsoft security blogs such as %41%43%45%20%54%65%61%6d, a penetration testing blog, and the Anti-Malware Engineering Team blog.
Other News
MIMIX HA Provides Essential High Availability and Data Protection
MaxSP Provides Workstation Coverage Expanding its Backup and Recovery Solution
EMC Drives Increased Operational Efficiency and Roi Across Oracle Environments
GHS has EAL6+ Operating System Security Certification; Launches Integrity Global Security
Security `Hippos` Dismiss Microsoft Morro Launch
More news
 

Industry IDS, Inc.
DELEGATES
13531
Conference Sectors  Case Studies  List of Papers  Exhibition Sectors  Vendor Presentation  List of Exhibitors  Industry News  Sponsors  All Exhibitors  All Papers  Sitemap  Registration Links ]

 :: IDS Plastics :: IDS Water ::IDS Packaging::IDS Publishing/Media ::IDS Healthcare Management ::IDS Environment::IDS Power/Energy::  

Industry IDS, Inc. – Online Tradeshow, Exhibition, & Buyers Guide Solutions