Re: How to Report a Security VulnerabilitytoMicrosoft

[tuytumadre () att net]

> mcbain () aol com wrote: 
>
> > But think about it, the testing scenarios that exist on planet earth can not 
> possibly be even accounted for let alone tested in Redmond. 
>
> Point made; large install base requires more testing. 
> But like most things this does not apply to every patch/root-fix. It 
> seems they take their time on the simple fixs too most times. 
>
> -- 
> dk 

Often times, the simplest of fixes tend to create the most complex architectural problems. Microsoft doesn't focus all 
their effort on pen-testing their patches, they spend their time mostly on ensuring that 3rd party software is not 
broken by their patches. That's why the simplest of fixes aren't as simple as they may seem. You only see the solution; 
Microsoft must dig through several solutions before they find the right one.

Paul
Greyhats Security
http://greyhatsecurity.org
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/