Stephen Toulouse - What does "responsible disclosure" mean to you?

Description

Microsoft's Security Response Center gets a lot of email sent to its secure@microsoft.com alias. Stephen kept talking about "responsible disclosure" with us so we wanted to find out just what he meant by that.

Tag: Security

The Discussion

  • Sk4rlath
    This video really made me smile.

    If more people knew what the security teams and developers at Microsoft had to deal with, then I think there'd be a lot less hate going in their direction.

    Why don't they tell you intimate details about security flaws in the software? This video explains that excellently.

    Why don't they make their software standards-compliant? If they did and they broke even one single app that depended on that non-standard behavior, then you'd hate them for that instead.

    Once again, keep it up guys! Just letting you know that you've still got at least one fan cheering you on!
  • Maurits
    Sk4rlath wrote:
    Why don't they make their software standards-compliant? If they did and they broke even one single app that depended on that non-standard behavior, then you'd hate them for that instead.


    That's a good - well, interesting - argument for not fixing a standards-incompliant piece of software.  It leaves open the question "why didn't they make it standards-compliant in the first place?"
  • Mike Dimmick
    Maurits wrote:
    That's a good - well, interesting - argument for not fixing a standards-incompliant piece of software.  It leaves open the question "why didn't they make it standards-compliant in the first place?"


    Usually because the 'standard' was written after the design was frozen.
