Microsoft Opens Its Security Research Cookbooks

greg65535 writes "Today Microsoft launched a blog about the internals of their IT security research and patch development process. There are already some posts that you will not find in the official security bulletins or KB articles. One of the posts says, 'We periodically identify workarounds or mitigations like this that we can't use for official guidance because they're either too nuanced or have some exception cases. When we discover something potentially useful but are uncomfortable listing it in the bulletin, we'll do our best to describe it here in this blog.' It looks like Microsoft is making an effort to become more 'open' in the area of security research and communication."

Can we revisit the tag thing?

[Anonymous Coward]

Why is it that people feel the need to put in 35 character long tags? Isn't that defeating the purpose of it all?

Re:But will they release source code...

[El Royo]

There are different types of open. Your point is hardly at all related to the article. Just revealing some of their process will no doubt be very useful to developers who also develop code that needs to be secured. Also, providing more details on vulnerabilities might be useful to people who are protecting corporate networks. Obviously, what you meant is that this effort won't be popular with the best developers with a chip on their shoulders.

Wireshark

[cibyr]

Anyone else find it interesting that they had screenshots from Wireshark (previously known as Ethereal) on the page?