TechWhirl (TECHWR-L) is a resource for technical writing and technical communications professionals of all experience levels and in all industries to share their experiences and acquire information.
Quoting Andrew Plato <gilliankitty -at- yahoo -dot- com>:
>
> Could you cite a *specific* example where Microsoft has been "extremely slow"
> or "discouraged publicizing" vulnerabilities?
Hi, Andrew. I thought the topic might bring you out. ;-)
The worst one I can think of was last fall. 9 vulnerabilities were reported in
Internet Explorer, 8 critical. Microsoft took about three months to acknowledge
the vulnerability, and released a patch that addressed only some of them -
five or six, I think (I can't remember exactly, but anyone who's interested can
look it up quickly enough. Dig a little more, and you shouldn't have any
shortage of examples).
> Furthermore, how would MS have
> ANY control over the publication of vulnerabilities since the overwhelming
> majority of vulnerabilities are discovered by third parties - namely
> security researchers like ISS, eEye Digital, Foundstone, etc.
Of course it doesn't have any control. That doesn't stop it from suggesting
that publishing the announcements is inappropriate and harmful, or from not
acknowledging the potential problem.
>No offense Bruce, but the "open-source goooooood, Microsoft baaaaaaad" argument
>might fly on Slashdot. But, the rest of the world doesn't care. It's a tired,
>boring argument.
Which you evidently found so boring, and which you cared so little about that
you couldn't resist writing a long response to. No offense, Andrew.
Anyway, your report vastly simplifies what I said. It's not a case of good or
bad or of blind faith in one or the other; had the discussion been about
usability and GUIs, I would have had hard words to say about the open source
community's inability to give these matters the attention they deserve. The
issue is responsible and responsive behavior.
Contrary to the picture you're trying to paint, the two points I've made are
far from radical or biased. Security-conscious sysadmins have been thinking and
saying them for a long time.
Not every criticism of Microsoft is based on jealousy or blind loyalty to its
opposition, you know. Some of it's based on observation.
--
Bruce Byfield bbyfield -at- axionet -dot- com 604-421.7177