Thursday, April 21, 2011

Microsoft to disclose third-party vendor product flaws

Infosecurity.Com - Microsoft said it will begin disclosing third-party bugs as part of a revamping of its vulnerability disclosure practices.

Under the new policy, Microsoft will publish vulnerabilities that its staff uncover in third-party software and problems discovered by outside researchers and reported to the Microsoft Security Response Center.

Matt Thomlinson, general manager at Microsoft’s Trustworthy Computing Security, explained that the company is “providing more transparency and insight into our disclosure philosophy by announcing three updates to our disclosure practices – a CVD [Coordinated Vulnerability Disclosure] at Microsoft document, MSVR [Microsoft Vulnerability Research] Advisories, and our internal corporate Disclosure of Vulnerabilities policy.”

The CVD document “clarifies how Microsoft responds not only as a vendor impacted by vulnerabilities in its products and services, but as a finder of vulnerabilities in third-party products and services, and as a coordinator of vulnerabilities that affect multiple vendors”, Thomlinson said.