• Home
  • About 404TS
  • Contact

404 Tech Support

Where IT Help is Found

  • Articles
    • Code
    • Entertainment
    • Going Green
    • Hardware, Gadgets, and Products
    • Management
    • Network
    • News
    • Operating Systems
    • Security and Privacy
    • Software
    • System Administration
    • Talking Points
    • Tech Solutions
    • Web
    • Webmaster
  • Reviews
  • Media
    • Infographics
    • Videos
  • Tech Events
  • Tools
    • How do I find my IP address?
    • Browser and plugin tests
  • Get a Technical Consultation
You are here: Home / Articles / News / Microsoft Reframes ‘Responsible Disclosure’ into Coordinated Vulnerability Disclosure

Microsoft Reframes ‘Responsible Disclosure’ into Coordinated Vulnerability Disclosure

2010-07-22 by Jason

The Microsoft Security Response Center announced earlier today via their TechNet blog a change in the practice of disclosing vulnerabilities. Responsible disclosure being the hot topic for last month shows its cause-effect relationship with today’s announcement being the ‘effect’ part. Microsoft is sticking to its guns and holds fast “that coordination and collaboration are required to resolve issues in a way that minimizes risk and disruption for customers.”

Coordinated Vulnerability Disclosure is mostly just a way of spelling out the concept of responsible disclosure that most people seem to already understand. Microsoft explains ideally how disclosure would occur:

Coordinated Vulnerability Disclosure (CVD): Newly discovered vulnerabilities in hardware, software, and services are disclosed directly to the vendors of the affected product, to a CERT-CC or other coordinator who will report to the vendor privately, or to a private service that will likewise report to the vendor privately. The finder allows the vendor an opportunity to diagnose and offer fully tested updates, workarounds, or other corrective measures before detailed vulnerability or exploit information is shared publicly. If attacks are underway in the wild, earlier public vulnerability details disclosure can occur with both the finder and vendor working together as closely as possible to provide consistent messaging and guidance to customers to protect themselves.

The main change is that the philosophy stresses the shared responsibility between security researchers and vendors.

CVD’s core principles are simple: vendors and finders need to work closely toward a resolution; extensive efforts should be made to make a timely response; and only in the event of active attacks is public disclosure, focused on mitigations and workarounds, likely the best course of action — and even then it should be coordinated as closely as possible.

The end goal in this marketing re-branding is still to minimize the risk of those using particular software, hardware, or service providers. Part of the problem is that the term ‘responsible’ might be considered a loaded term and a security researcher might believe they are being responsible through full public disclosure as incentive for the vendor to quickly release a patch and the rest of the security community to validate the vulnerability and come up with fixes and work-arounds.

If you’re interested in learning more about this reframing, you should read the Microsoft Security Response Center announcement and further explanation in step form of the “new” CVD process through today’s entry over at the MSRC Ecosystem Strategy Team Blog.

Filed Under: News, Security and Privacy

Trending

  • Understanding the fine print in a Privacy Policy
    In Security and Privacy
  • Building a powerful gaming PC, September 2012
    In Hardware, Gadgets, and Products
  • Size Explorer Free – Find hard drive space hogs
    In Software, Tech Solutions

Latest Media Posts

Find Out Where To Download SNES ROMs

Find Out Where To Download SNES ROMs

Multifunctional Video Conversion Tools – Wondershare Video Converter

Multifunctional Video Conversion Tools – Wondershare Video Converter

  • Popular
  • Latest
  • Today Week Month All
  • How to ‘Unblock’ multiple files at a time with PowerShell How to 'Unblock' multiple files at a time with PowerShell
  • Command line to take ownership and change permissions Command line to take ownership and change permissions
  • Increase IIS Private Memory Limit to improve WSUS availability Increase IIS Private Memory Limit to improve WSUS availability
  • SOLVED: “This modification is not allowed because the selection is locked.” SOLVED: "This modification is not allowed because the selection is locked."
  • Read the Event Logs on Windows Server Core Read the Event Logs on Windows Server Core
  • Making Distributed Software Development Work: Strategies and Best Practices for Managing Remote Teams Making Distributed Software Development Work: Strategies and Best Practices for Managing Remote Teams
  • customer contactless payment for drink with mobile phon at cafe counter bar,seller coffee shop accept payment by mobile.new normal lifestyle concept The Latest Innovations In Payment Technology
  • How Digital Technology Brought the Rise of the CMO   How Digital Technology Brought the Rise of the CMO  
  • How to Purchase Cryptocurrencies? How to Purchase Cryptocurrencies?
  • Top 6 necessary aspects to consider when hiring Angular developers Top 6 necessary aspects to consider when hiring Angular developers
Ajax spinner

Elevator Pitch

404 Tech Support documents solutions to IT problems, shares worthwhile software and websites, and reviews hardware, consumer electronics, and technology-related books.

Subscribe to 404TS articles by email.

Recent Posts

  • Making Distributed Software Development Work: Strategies and Best Practices for Managing Remote Teams
  • The Latest Innovations In Payment Technology
  • How Digital Technology Brought the Rise of the CMO  

Search

FTC Disclaimer

404TechSupport is an Amazon.com affiliate; when you click on an Amazon link from 404TS, the site gets a cut of the proceeds from whatever you buy. This site also uses Skimlinks for smart monetization of other affiliate links.
Use of this site requires displaying and viewing ads as they are presented.

Copyright © 2023 · Magazine Pro Theme on Genesis Framework · WordPress · Log in