In The News: Microsoft Pilot Program to give governments heads up on security vulnerabilities

Warning! I’m going to vent a little in this post. Being thus forewarned…here goes. Recently Microsoft announced a program to give government organizations a technical heads-up on security vulnerabilities that might affect critical infrastructure. See Microsoft Bulletin.  Now, as a citizen who’s concerned about all the hacked secret information that’s been lost lately, I think this is a great idea.  However…[here comes the ranting] there are others who would appreciate having this technical heads-up also.  How about our banking system, or our military industrial companies, or our power industry, or our Internet commerce sites?  Doesn’t Microsoft think their technical heads-up would help these organizations?  What are they thinking? 

I suspect the government, after being attacked pretty badly over the last couple of years, put some pressure on Microsoft to get this agreement.  Too bad the non-government organizations don’t have that kind of influence and therefore will have to incur greater damage to their cyber infrastructures while Microsoft keeps the technical information about the vulnerabilities to themselves until the patch is ready.  Microsoft has taken up to a year to patch some vulnerabilities!

Does this bother anyone else?  Let me know what you think on this issue.

Paul


Filed under In the News, Internet, security

9 responses to “In The News: Microsoft Pilot Program to give governments heads up on security vulnerabilities”

  1. Paul and Paul,

    Lots of Pauls these days and all of them are techs (LOL)… Mr. Lubic meet Mr. Eckstrom…

    I can attest that Mr. Eckstrom will be a real asset to your blog and will give insight like no other.

    Great article, by the way.

    Rick

    • Rick,
      Paul and I have been chatting the last couple of days. Thanks for the formal introduction. I’m impressed with his site and with him…already. Thanks for stopping by.
      Best,
      Paul

  2. The other side of that very same coin is: (as the “conficker” outbreak so clearly demonstrated) the conventional wisdom practiced by so many admins that you don’t apply patches until they have been thoroughly tested in your environment.. which never gets done.. and the patches never get applied (or get applied too late). Why bother to release patches if the admins don’t (or can’t, because their hardware/software is ultra-legacy, or they have custom-built apps) apply them?

    I won’t get into how “patching” is the wrong way (or at least, a very short-sighted way) of dealing with security in the first place — that’s a whole ‘nother topic. But I will say your “rant” is spot on. My only guess as to why Microsoft might wish to be so withholding is that they know that – frequently – exploits get built after vulnerabilities get published.

    Just speaking off the cuff here. I am not an admin nor a Microsoft insider.

  3. Sorry about the bad link. It’s fixed now.
    Paul

  4. Thanks for your article..;p)
