[Full-disclosure] How to Report a Securiyt Vulnerability to Microsoft
contact_jamie_fisher at yahoo.co.uk
Mon Apr 11 12:47:54 BST 2005
Hi... For what it is worth I wanted to wade into this discussion pool. Recently I found a BO at rad.msn.com and published it to Full Disclosure but not without first contacting Microsoft with my findings. As it transpires I had sent my findings to the wrong email address. To cut an uninteresting story short, through an itterative process Microsoft and I worked together (no money involved - and I shouldn't think so either) to understand and resolve the issue. Suprisingly I found the people at Microsoft very friendly; the sort of people I'd probably have a pint with at the pub on the weekend.
Personally I'm vendor OS agnostic, i.e., I dont give a rats arse as to whether you're alligned with Linux, IBM, VMS, Microsoft or Mr Crappy's OS. As a security consultant, and with politics out of the way my only interest is whether the OS or product can be secured well. In terms of my experience in finding security vulns and flaws in code I'm quite green, but I do know that it is essential for me to foster a good working relationship with vendors if I am to be anything other than a 'here is my big whoopie security vuln: fUx to M$' type of security consultant.
Perhaps Microsoft genuinely thought it about time another anouncement was sent to FD to keep the education process from stalling. Personally I think they're doing a stellar job!
Send instant messages to your online friends http://uk.messenger.yahoo.com
-------------- next part --------------
An HTML attachment was scrubbed...
Full-Disclosure is hosted and sponsored by Secunia.