On Apr 11, 2005 1:56 AM, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: >
> Mr. Guninski, although I am a huge fan of your work, I could not disagree > more. I am sending this email from Redmond where I was invited by Microsoft > to a small conference about security (it was mostly about what they go > through when stuff is reported). "M$", as you call it, is not trying to get > your 0days. They simply want to protect customers, and, although a large > part about it is profits, the concern is mostly (as far as I know) about the > users. Microsoft's biggest fear is wide-spread virus epidemics, so when a > critical vulnerability is fully disclosed without prior notice to MSRC, > Microsoft goes into an emergency state and everyone gets off of vacation > early to come in and help resolve the issue (as was the case with my > auto-sp2rc release in December, also called "Paul's Christmas" by MSRC > employees). Microsoft knows that security researchers hang out on lists like > fd a bugtraq, so what better place to eliminate t he common improper > disclosing ignorance than to provide clear, concise instructions directly on > the security hotspots? > > > > Regards, > > Paul Dumb question... since this is openly admitted as for profit you are posting this... what are you paying for exploits ? We all know others pay for them. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
