Topic: Microsoft argues for "neighborhood watch" approach to security


Bugbatter

  • Microsoft® MVP
  • Administrator
  • Diamond Member
  • Posts: 7060

At the Black Hat security conference today, Microsoft championed a new approach to addressing security issues. The new emphasis is on collaboration between software vendors and security researchers to ensure that customers are kept as safe as possible.

Microsoft likened its approach to Neighborhood Watch schemes—secure computing cannot be achieved with software vendors and researchers all working independently; the landscape is too complex and the attackers are too numerous for this approach to work. Instead, companies must set aside their differences and work together to safeguard customers.

Complete Article:
http://arstechnica.com/microsoft/news/2010/07/microsoft-argues-for-neighborhood-watch-approach-to-security.ars



Microsoft MVP - Consumer Security

ky331

  • Dell Community Colleague
  • Dell Support Group
  • Bronze Member
  • Posts: 241
  • Rascal & Biscuit
Re: Microsoft argues for "neighborhood watch" approach to security
« Reply #1 on: July 29, 2010, 06:04:44 AM »
Two other quotes from the article:

"Under this new policy, security researchers and software vendors will work together to ensure that patches are in place prior to announcing any newly discovered flaw. However, if it becomes apparent that the flaw has exploits in the wild, the two will disclose the flaw earlier—and possibly in full".

So hopefully, we won't be confronted with another "disclosure" merely 4 or 5 days after Microsoft is advised of the vulnerability... but rather, the security world will "fess up" only after the vulnerability has been safely patched.

Sometimes, "ignorance" [lack of knowledge that can help amateur hackers create/spread vulnerabilities] is bliss.

NOT that I'm gonna be holding my breath....

-------------------

Microsoft "will notify the same network of partners of impending updates to Adobe's software [e.g., Reader, Flash]... so that their products can be updated to provide protection against the ever-increasing number of exploits targeting Adobe's software".
« Last Edit: July 29, 2010, 06:11:42 AM by ky331 »