Microsoft

NEOHAPSIS - LeBlanc reaction on Culp essay

2001/11/02 : David LeBlanc, founding member of the Trustworthy Computing Initiative at Microsoft, defend Culp. 

"So a vendor who won't fix bugs unless their customers are threatened with active attack is a very different problem than one who fixes problems...Read more

Schneier - Crypto-Gram November 15, 2001

2001/11/15 : Schneier published his monthly newsletter.
He talks about Cert/CC creation and reacts here on Culp essay

"[Culp] claimed that we'd all be a lot safer if researchers would keep details about vulnerabilities to themselves, and stop arming...Read more

Keeping Security Issues in the Open - Davies reaction on Culp essay

2001/10/26 : Davies gives his point of view on Clup essay : "He proposes a culture of secrecy, where the security professional should share his knowledge only with the software retailer or development group. This, he says, will "raise the bar" for those seeking to write destructive worms...Read more

Threat Complexity Requires New Levels of Collaboration - Stone and Moussouris on the creation of MSVR

2008/08 : Microsoft create the Microsoft Vulnerability Research Program (MSVR).Read more

Coordinated Vulnerability Disclosure Reloaded (Microsoft)

2011/04/19 : Microsoft reloaded its Coordinate Vulnerability Disclosure.

This artifact is part of the Microsoft Vulnerability Disclosure Bundle.Read more

MS to force IT-security censorship (Greene paper)

2001/11/02 : On this paper, Thomas C. Greene expresses his opinion against Microsoft's way of handling vulnerability disclosure.

"We all know how Microsoft likes to bully its many 'partners', so it comes as no surprise that the Beast has decided to apply its...Read more

Wannacry Ransomware

2017/05 : "The WannaCry ransomware attack was a worldwide cyberattack in May 2017 by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency." (Wikipedia)Read more
Microsoft Reveals Anti-Disclosure Plan (Poulsen paper)

2001/11/09 : One month after Culp article, future OIS (Organization for Internet Safety) was announced. Kevin Poulsen analysed what was happening. 

"Microsoft and five major computer security companies rounded up the three-day Trusted Computing...Read more

"MS throttles research to conceal SW bugs" (Greene paper)

2001/11/09 : Thomas C. Greene expresses once again his opinion against Microsoft's way of handling vulnerability disclosure.

"Microsoft Security Manager Scott Culp revealed unilateral steps the company has taken to throttle the exchange of vulnerability ...Read more

Filling A Gap In the Vulnerability Market – First Bounty Notification (Microsoft)

2013/07/10 : Here is the Microsoft first Bounty Notification after they finally decide to launch their bug bounty.

This artifact is part of the Microsoft Vulnerability Disclosure Bundle.Read more

Hackers keep the heat on Windows NT security (L0pht)

1997 : L0pht, "a group of sophisticated hackers has stepped up the assault on the security of Microsoft's Windows NT operating system."

The group began then negotiating with Microsoft and other companies. They agreed to notice them a month before the...Read more

Security woes: Who is to blame? - Culp interview

2001/11/08 : Robert Lemos interviewed Scott Culp for CNET News.

"The essay is not calling for people to refrain from looking for security vulnerabilities, to stop reporting them to the vendors, to stop telling customers about them. We don't want to change any of that. The only thing that...Read more

Subscribe to Microsoft
Need help with PECE?
Join the PECE Slack channel