diTii.com Digital News Hub

Sign up with your email address to be the first to know about latest news and more.

I agree to have my personal information transfered to MailChimp (more information)


Microsoft to credit Google security researcher for reporting Windows bugs

A Google security engineer Tavis Ormandy, tweeted “Apparently I’m getting four credits on Tuesday” — “Ormandy disclosed a bug in Windows’ Help and Support Center. Just five days later Ormandy went public with bug when Microsoft didn’t commit to a patching deadline. Microsoft disputed the claiming that it had only told Ormandy “it needed the rest of that week to decide”.”

Microsoft will now credit his work on four of the 34 bugs slated for patching on Tuesday.

After the incident, Google said researchers should give vendors a 60-day window to patch, then go public with their findings to pressure patching. Not surprisingly, Microsoft has disagreed with setting patch-or-else deadlines.

Last month, Microsoft substituted the term “responsible disclosure” with “coordinated vulnerability disclosure” (CVD) to describe collaboration between researchers & vendors.


Share This Story, Choose Your Platform!

Do NOT follow this link or you will be banned from the site!