Microsoft announces Coordinated Vulnerability Disclosure (CVD)

Microsoft announced "a shift in philosophy on how we approach the topic of vulnerability disclosure, reframing the practice of 'Responsible Disclosure' to 'Coordinated Vulnerability Disclosure.'"

CVD: "Newly discovered vulnerabilities in hardware, software, and services are disclosed directly to vendors of affected product, to a CERT-CC or other coordinator who'll report to vendor privately, or to a private service that'll likewise report to vendor privately. The finder allows the vendor an opportunity to diagnose and offer fully tested updates, workarounds, or other corrective measures before detailed vulnerability or exploit information is shared publicly. If attacks are underway in the wild, earlier public vulnerability details disclosure can occur with both the finder and vendor working together as closely as possible to provide consistent messaging and guidance to customers to protect themselves."

More Info: Announcing Coordinated Vulnerability Disclosure

About The Author

Deepak Gupta is an IT & Web Consultant. He is the founder and CEO of diTii.com & DIT Technologies, where he's engaged in providing Technology Consultancy, Design and Development of Desktop, Web and Mobile applications using various tools and software.