Microsoft

Schneier - Crypto-Gram November 15, 2001

2001/11/15 : Schneier published his monthly newsletter.
He talks about Cert/CC creation and reacts here on Culp essay

"[Culp] claimed that we'd all be a lot safer if researchers would keep details about vulnerabilities to themselves, and stop arming...Read more

Peace of Mind Through Integrity and Insight - Manzuik reaction on Culp essay

2001/10/17 : "Code Red, Nimda and a few of the more recent worms were made possible not by the research that discovered the vulnerability they exploited but by the lack of awareness and training by system administrators who did not patch their systems." (p.1-2)

This artifact is part of...Read more

MS to force IT-security censorship (Greene paper)

2001/11/02 : On this paper, Thomas C. Greene expresses his opinion against Microsoft's way of handling vulnerability disclosure.

"We all know how Microsoft likes to bully its many 'partners', so it comes as no surprise that the Beast has decided to apply its...Read more

NEOHAPSIS - LeBlanc reaction on Culp essay

2001/11/02 : David LeBlanc, founding member of the Trustworthy Computing Initiative at Microsoft, defend Culp. 

"So a vendor who won't fix bugs unless their customers are threatened with active attack is a very different problem than one who fixes problems...Read more

Heart of Blue Gold – Announcing New Bounty Programs (Microsoft)

2013/06/19 : Microsoft decided to create new bounty program.

This artifact is part of the Microsoft Vulnerability Disclosure Bundle.Read more

Remote print server gives anyone Windows admin privileges on a PC

2021/07/31 : Lawrence Abrams writes a paper about a new event of full disclosure.

"A researcher has created a remote print server allowing any Windows user with limited privileges to gain complete control over a device simply by installing a print driver."Read more

Microsoft Reveals Anti-Disclosure Plan (Poulsen paper)

2001/11/09 : One month after Culp article, future OIS (Organization for Internet Safety) was announced. Kevin Poulsen analysed what was happening. 

"Microsoft and five major computer security companies rounded up the three-day Trusted Computing...Read more

Keeping Security Issues in the Open - Davies reaction on Culp essay

2001/10/26 : Davies gives his point of view on Clup essay : "He proposes a culture of secrecy, where the security professional should share his knowledge only with the software retailer or development group. This, he says, will "raise the bar" for those seeking to write destructive worms...Read more

Information Anarchy: The Blame Game? - Edwards reaction on Culp essay

2001/10/23 : Edwards analyses Culp essay on information anarchy.

"It seems that Microsoft is doing that now indirectly with its new Strategic Technology Protection Program (STPP). The effects should...Read more

Microsoft Exchange servers are getting hacked via ProxyShell exploits

2021/08/12 : Lawrence Abrams explains how "Orange Tsai at a Black Hat talk about recent Microsoft Exchange vulnerabilities he discovered when targeting the Microsoft Exchange Client Access Service (CAS) attack surface.
After watching the talk, security researchers PeterJson and Nguyen Jang ...Read more

Threat Complexity Requires New Levels of Collaboration - Stone and Moussouris on the creation of MSVR

2008/08 : Microsoft create the Microsoft Vulnerability Research Program (MSVR).Read more

Subscribe to Microsoft