Microsoft has a new security service that will provide an immediate response when researchers publicize unpatched vulnerabilities.

The pilot program run by the Microsoft Security Response Center (MSRC) and called simply Microsoft Security Advisories, complements the monthly scheduled Security Bulletins ordinarily accompanied by patches.

Unlike the bulletins though, advisories will not have to meet any fixed schedule, being issued instead as soon as possible after a vulnerability is disclosed, Microsoft said.

The advisories will be used to address various issues arising between the monthly bulletins, including vulnerability disclosures and phishing scams.

The advisories “will address security changes that may not require a security bulletin but that may still impact customers’ overall security,” said Nick McGrath, Microsoft’s head of platform strategy. “Customers have told us that they want more prescriptive and timely guidance on security issues.”

In the past, Microsoft has limited its detailed comments to the monthly bulletins, responding to other issues with short statements. A noticeable shift came last month when MSRC program manager Stephen Toulouse used the MSRC blog to discuss a flaw that had been disclosed in Windows 2000 systems. Typically, Microsoft uses such discussions to downplay the severity of unpatched flaws.

The advisory system is the latest development in an ongoing debate over how software vendors and security researchers should balance the need for users to be aware of vulnerabilities with the need for discretion. Microsoft has criticized security researchers for discussing flaws before a patch has been released. For their part, many researchers have said they only disclose vulnerability information if they are unable to convince Microsoft to take action.

Would you recommend this article?

0
0
Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada


Related Download
Cybersecurity Conversations with your Board Sponsor: CanadianCIO
Cybersecurity Conversations with your Board – A Survival Guide
A SURVIVAL GUIDE BY CLAUDIO SILVESTRI, VICE-PRESIDENT AND CIO, NAV CANADA
Download Now