
Forum Moderators: bill


MS wants to retire phrase: "responsible disclosure"

Google, too

     

tangor

12:26 am on Jul 23, 2010 (gmt 0)




Microsoft has submitted a proposal aimed at quelling one of the oldest debates in security circles: retiring the use of the term “responsible disclosure.”

The software maker wants to replace the term with the less pejorative phrase “coordinated vulnerability disclosure.” The hope is that software makers and researchers can put aside decade-old differences about the best way to handle critical defects so that end users are best protected.

“We don't want an emotionally laden term clouding the debate, and that's definitely gotten in the way of a lot of good discussions between like-minded people in security,” said Katie Moussouris, senior security strategist in the Microsoft Security Response Center. “We're really trying to reach out across the disclosure dividing lines and find the common ground where we all are. We all want to protect customers and users.”

[theregister.co.uk...]

bill

12:56 am on Jul 23, 2010 (gmt 0)




This has a bit to do with the recent incident that occurred when Google's Tavis Ormandy released details of a Windows bug without giving MS time to patch it. The argument for the change to "coordinated vulnerability disclosure" makes sense to me. It doesn't villainize the researchers who disclose these bugs to the same degree as "responsible disclosure" seems to.
 
