Warning! I’m going to vent a little in this post. Being thus forewarned…here goes. Recently Microsoft announced a program to give government organizations a technical heads-up on security vulnerabilities that might affect critical infrastructure. See Microsoft Bulletin. Now, as a citizen who’s concerned about all the hacked secret information that’s been lost lately, I think this is a great idea. However…[here comes the ranting] there are others who would appreciate having this technical heads-up also. How about our banking system, or our military-industrial companies, or our power industry, or our Internet commerce sites? Doesn’t Microsoft think their technical heads-up would help these organizations? What are they thinking?
I suspect the government, after being attacked pretty badly over the last couple of years, put some pressure on Microsoft to get this agreement. Too bad the non-government organizations don’t have that kind of influence and therefore will have to incur greater damage to their cyber infrastructures while Microsoft keeps the technical information about the vulnerabilities to themselves until the patch is ready. Microsoft has taken up to a year to patch some vulnerabilities!
Does this bother anyone else? Let me know what you think on this issue.