[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Vendor disclosure to ICSA IDC



At 11:48 PM -0400 7/6/99, Russ wrote:
>
>The issue that's relevant to the CVE effort is the level of disdain
>Jason had towards my suggestion that the Mitre effort was the right
>place to disclose the information. He was not impressed, and that is
>something I would like to see changed.

In the last decade, I have seen no MS personnel attend security 
conferences, workshops, or important meetings.   When I was part of a 
high-level government working group investigating dangers of COTS, MS 
was the only vendor that did not provide cooperation.    MS also has 
a poor history of cooperating with anti-virus researchers and vendors.

They have an institutional attitude problem about security efforts. 
I would like to see it changed, too, but I won't hold my breath.

Our best bet is to do the best we can with what we have, and after 
the CVE goes public and people start referencing it, we hope they 
cooperate.

--spaf

Page Last Updated or Reviewed: May 22, 2007