Information Security News mailing list archives
RE: Microsoft upgrades IE flaw to critical after criticism
From: InfoSec News <isn () c4i org>
Date: Mon, 16 Dec 2002 05:17:56 -0600 (CST)
Forwarded from: Mark A. Simos <MSimos () POBox com>
Cc: myemailaccount () fastmail fm

The attacks on Microsoft's security are getting repetitious and counter-productive. There are plenty of flaws in many open source products that could be listed and lambasted on a list such as this. IMHO, the attacks have worked and should be put aside until it is obvious they are needed again.

The company shut down production for 2 months and forced every developer to review every line of code. That is a pretty serious commitment for a profit-driven corporation. The versions of the software most directly affected have not even been released in production yet.

How would you motivate a large number of home-users to patch affected systems? RedHat et al currently still have the mixed blessing of not having a large install base of unmanaged home PCs. RedHat will face the exact same problem if/when it gains market share in that area. Then what? Do they remotely as RedHat root account force people to patch? Do they coax, cajole and try to sell patching to end users?

Full Disclosure: I work for the evil empire, get over it.

FYI, I mean nothing special about RedHat specifically, they are just the most popular MS alternative in the US.

At 04:52 AM 12/13/2002 -0600, InfoSec News wrote:
Forwarded from: "Kuypers, Jimmy" <myemailaccount () fastmail fm>

CMIIW, but didn't Microsoft announce to downplay a lot of its security warnings to less than "critical" because of the many critical patches real end-users could no longer distinguish which patches are truly critical (imo all are of course) and then the end-users wouldn't download any of them... This was also called the "boy who cried wolf" effect....

Lemme see, yes a quote:

"The Redmond-based software giant also plans to limit the "critical" rating on security alerts to customers because of fears that too many high-level alerts were being issued. Instead of issuing a "critical" rating on vulnerability warnings, Microsoft has modified its Severity Rating Criteria to specify clearly which bugs needed to be addressed immediately.
[...]

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.