Full Disclosure mailing list archives
How to Report a Securiyt Vulnerability to Microsoft
From: jamie fisher <contact_jamie_fisher () yahoo co uk>
Date: Mon, 11 Apr 2005 12:47:54 +0100 (BST)
Hi... For what it is worth I wanted to wade into this discussion pool. Recently I found a BO at rad.msn.com and published it to Full Disclosure but not without first contacting Microsoft with my findings. As it transpires I had sent my findings to the wrong email address. To cut an uninteresting story short, through an itterative process Microsoft and I worked together (no money involved - and I shouldn't think so either) to understand and resolve the issue. Suprisingly I found the people at Microsoft very friendly; the sort of people I'd probably have a pint with at the pub on the weekend. Personally I'm vendor OS agnostic, i.e., I dont give a rats arse as to whether you're alligned with Linux, IBM, VMS, Microsoft or Mr Crappy's OS. As a security consultant, and with politics out of the way my only interest is whether the OS or product can be secured well. In terms of my experience in finding security vulns and flaws in code I'm quite green, but I do know that it is essential for me to foster a good working relationship with vendors if I am to be anything other than a 'here is my big whoopie security vuln: fUx to M$' type of security consultant. Perhaps Microsoft genuinely thought it about time another anouncement was sent to FD to keep the education process from stalling. Personally I think they're doing a stellar job! Send instant messages to your online friends http://uk.messenger.yahoo.com
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- How to Report a Securiyt Vulnerability to Microsoft jamie fisher (Apr 11)