
MS To Share Early Flaw Data With Governments

Posted by kdawson
from the for-your-eyes-only dept.
Trailrunner7 writes "Microsoft today announced plans to share pre-patch details on software vulnerabilities with governments around the world under a new program aimed at securing critical infrastructure and government assets from hacker attacks. The program, codenamed Omega, features a 'Defensive Information Sharing Program' that will offer government entities at the national level technical information on vulnerabilities that are being updated in their products." There's a stream the bad guys would dearly love to tap into.

  • by pilgrim23 (716938) on Tuesday May 18, 2010 @04:50PM (#32257878)
    and everyone KNOWS how well governments can keep secrets.
  • WTF? (Score:4, Insightful)

    by Anonymous Coward on Tuesday May 18, 2010 @04:51PM (#32257884)

    Because governments would never help a company in their nation with industrial espionage.....

  • by retardpicnic (1762292) <retardpicnic@gmail.com> on Tuesday May 18, 2010 @04:55PM (#32257926)
    The project's codename.. which means "the end" or the fact that now the gov't can rely on IMHO the absolute last people to know about the problem, and are at fault.. to give them early warning.
  • Awful idea (Score:2, Insightful)

    by Anonymous Coward on Tuesday May 18, 2010 @04:57PM (#32257956)

    That's just a terrible way to go about things in my opinion.

    We all know that between the massive list of "government entities" there are bound to be some (perhaps even many) bad apples (be it in official capacity or just a sole individual). The implementation of this program would mean these individuals would get notification ahead of time that allows them to do the usual shenanigans of reverse engineering the solution (or just analysing the problem the patch supposedly fixes), and then build&release an exploit before Microsoft releases the patch to the general public.

    I'd say a program like this will not make its participants (the government agencies) much more secure than they are now (some might even argue not at all), but will severely compromise the security of everyone else (the general public).

  • by Anonymous Coward on Tuesday May 18, 2010 @05:04PM (#32258032)

    It's certainly not about security. It's purely a PR scheme. MS wants to make government agencies feel important and special if they use their products. Nothing impresses government officials more than press releases that make every bullshit bing player happy.

  • Oxymorons abound (Score:2, Insightful)

    by oDDmON oUT (231200) on Tuesday May 18, 2010 @05:29PM (#32258264)

    Critical infrastructure / Windows

    Seems like it's long overdue to realize that those two concepts are mutually exclusive.

  • by linzeal (197905) on Tuesday May 18, 2010 @05:37PM (#32258356) Homepage Journal
    Doesn't Linux already do this, for everyone? The only people who are going to be fooled by this in the government are elitist pricks.
  • by Anonymous Coward on Tuesday May 18, 2010 @05:54PM (#32258524)

    There are a lot of countries where the mob either runs the government or has strong ties to it. Letting the government in many countries in on vulnerabilities early also lets the mob in. This could be a bad thing.

  • by bradbury (33372) <Robert...Bradbury@@@gmail...com> on Tuesday May 18, 2010 @06:08PM (#32258636) Homepage

    So Microsoft has the flaws, the governments have the flaws, but we, the purchasers of windows software do not have the flaws. What is wrong with this model? Could it (cough) perhaps be that the software isn't open source (in which environments the flaws tend to be published openly on an extremely short time scale)?

    IMO the last bastions of the purveyors of a flawed model would tend to recruit those in power to perpetuate said model. (Oh it's OK that there is a flaw because the powers that be know about it and we are going to fix it... eventually...)

    Please please somebody, study the serious flaw correction rate in closed source vs. open source software (i.e. time from flaw discovery until flaw correction availability). I would hope that if this has not already been done someone is attempting to do it.

    And shame on a majority of city, state and U.S. governments for operating on closed source software and not having concrete data with respect to flaws and vulnerabilities. If you worked for a corporation (at least one which knew the value of open source perspectives) your head would be on a "silver platter" for allowing the corporation to be open to the vulnerabilities of closed source software.

    Simple. Ask Microsoft to warranty its products to be free of defects. And if it does not do so you are most probably utilizing products which probably contain defects. And that is a sad situation -- we are running reality with no more knowledge than we have of that of a "can-o-worms" [1].

    1. To the best of my knowledge the genome sequence of the common garden worm is not known and even if it were there are probably few if any systems biologists who could explain in detail how it really works. Programs that have worked for hundreds of millions of years (e.g. worms) are probably fairly safe (even if we cannot explain how they work). Programs which have operated for less than 30 years and are driven by monetary criteria (profit margins, ROI, etc.) are probably an open source for concern.

  • by nimbius (983462) on Tuesday May 18, 2010 @06:18PM (#32258702) Homepage
    the book of FLOSS guys. all your customers need to promptly know when you find flaws, not just the governments with the ability to restrict your sales and service. I'm talking about banks, schools, hospitals, and power plants.
  • by bussdriver (620565) on Tuesday May 18, 2010 @06:24PM (#32258760)

    Does it really help that much if the vendor gives you early access to security issues? It's not like they discover them all and probably 3rd parties are a large source of insight into their problems.

    ONE vendor won't be that great; and MS hasn't done well for a long time. Outside the vendors is probably more useful information and the organized criminals and governments probably know of more than the vendor does. The problem is the vendor is not told or fails to listen etc. Linux on the other hand is not limited by a specific vendor...

  • License to hack! (Score:5, Insightful)

    by molo (94384) on Tuesday May 18, 2010 @06:29PM (#32258818) Journal

    This is insanity! So the government of US, UK, Israel, China, etc. will get information on vulnerabilities before the general public? The obvious outcome isn't a more secure government server, it is that the intelligence agencies will get a head start on exploiting public and private systems the world over. It is a license to hack, for either industrial espionage or government espionage purposes.

    What is a system administrator to do? There is no way to prepare for this kind of thing, the attack vectors will be unknowable by the general public. My only thought is to switch as many systems away from Microsoft as fast as possible. This is a total security nightmare.

    -molo

  • by Anonymous Coward on Tuesday May 18, 2010 @07:06PM (#32259122)
    I see the Redmond hordes have mod points today. Go ahead and waste them on AC's, jackasses.
