OS Opinion released a short article on Microsoft's new security plan. Microsoft will not be writing new code this month, but just doing a quick security audit. Bravo Microsoft!
It was mentioned on The OpenBSD Journal that the biggest problem with Microsoft's security is the users. So will education be pimped by Microsoft? Let's hope so.
There is also an article on Security Focus mentioning several companies, including Microsoft, @stake, and Foundstone (among other big players) working on a draft on full disclosure. This will include a one month wait before releasing specific exploit code and information. Is this full discloseure as we know it? Not exactly. But I think this is definitely a good idea to give the vendor time to release a patch, and 30 days should be long enough.
It was mentioned on The OpenBSD Journal that the biggest problem with Microsoft's security is the users. So will education be pimped by Microsoft? Let's hope so.
There is also an article on Security Focus mentioning several companies, including Microsoft, @stake, and Foundstone (among other big players) working on a draft on full disclosure. This will include a one month wait before releasing specific exploit code and information. Is this full discloseure as we know it? Not exactly. But I think this is definitely a good idea to give the vendor time to release a patch, and 30 days should be long enough.