Friday, April 15, 2005
Security company says nice things about Microsoft
Michael Sutton of iDefense Labs says Microsoft security practices are improving.
He's talking specifically about how Microsoft reacts when someone reports a security bug. They're acknowledging problems and giving credit to the people who report the problems. Giving credit is important because so many people who dig for security bugs are doing it to build a reputation. Thanking them in public is like paying them.
He also said something worth thinking about:
"Microsoft needs to shorten the patch time frame. It's now at about 145 days from when something is brought to their attention to when a patch is released. That's nearly five months, and that's probably too long."