Beginning this month, Microsoft will start to publish details about upcoming security updates in a newsletter available to the general public. Previously this information had been available, but only to those who knew about it and would sign a confidentiality agreement, which ended up being a handful of its largest customers.
Sure, let the criminals know about the security holes while 99% of the public goes unaware. Anybody who is actually going to pay attention to these security warnings are either crackers who want to exploit those holes, or people who are security-conscious and already taking the necessary precautions, and probably wouldn’t be affected even if they didn’t know about the exploits, because their system is already properly locked down.
I suspect that the details of the particular security exploits in question will already be well-known in security circles by the time they appear in this newsletter. The only new info that MS will be providing will be when their patch will be available and how important they consider the issue.
Suppose I am the bad guy who signs a confidentiality agreement with MS and uses those to bring out early exploits. What would the poor users do?
What’s good is that they are opening their doors to all, without the NDA foo!!!! Yup, I agree, it makes no difference to the ‘crackerjack’; they know more about the product flaws before the company. Else it won’t be called a security hole, rather it would be called a bug with a fix soon syndrome from MS!! Correct??