Microsoft calls for responsible disclosure of security flaws
Following a security scandal last week, Microsoft has reiterated its support for responsible disclosure of system vulnerabilities.
This latest announcement from the software giant comes just days after an in-house researcher went public with a zero-day vulnerability in Windows XP and Windows Server 2003 last week.
The employee, Tavis Ormandy, spoke out about the vulnerability and publicised the exploit code just five days after reporting the flaw to Microsoft.
Ormandy defended his comments, stating, "I've concluded that there is a significant possibility that attackers have studied this component, and releasing this information rapidly is in the best interest of security."
But Microsoft continues to defend its own position. A Microsoft spokesperson spoke on the subject today, stating, "Reporting vulnerabilities directly to vendors without further disclosure helps ensure that customers receive comprehensive, high-quality updates before cybercriminals learn of - and work to exploit - a vulnerability."
"Responsible disclosure protects the computer ecosystem and individual computer users from harm," he continued.
Microsoft is still investigating the vulnerability and has said it will release more information once the extent of the issue has been determined.