[Infowarrior] - Microsoft offers peek into "juicy" flaw details

[Richard Forno]

Microsoft offers peek into "juicy" flaw details
Published: 2007-12-28

http://www.securityfocus.com/brief/651?ref=rss

Microsoft launched a blog on Thursday, promising to use the online bulletin
board to keep its customers abreast of the "juicy spill-over technical
stuff" found by the company's vulnerability researchers.

The blog, titled "Security Vulnerability Research and Defense," will host a
variety of technical elements -- such as complicated workarounds, debugging
techniques and information on vulnerability triage -- that do not regularly
make it into Microsoft's security bulletins, the company stated. The
software giant posted two analyses of vulnerabilities patched earlier this
month.

"During our vulnerability research, we discover a lot of interesting
technical information," a Microsoft researcher stated on the blog. "We¹re
going to share as much of that information as possible here because we
believe that helping you understand vulnerabilities, workarounds, and
mitigations will help you more effectively secure your organization."

The blog is the latest change in the way that Microsoft informs its users
about security flaws and patches. In May, the software titan modified the
layout of it bulletins and started giving more information about upcoming
advisories through its Advanced Notification Service. Microsoft has found
that the number of high severity vulnerabilities slightly decreased in the
first six months of 2007.

Earlier this month, Microsoft published its final regularly scheduled
patches for the year, bringing the total number of bulletins published by
the company to 69 in 2007.