nk497 notes the news that a group of researchers calling themselves the Microsoft-Spurned Researcher Collective (the name is a play on Microsoft's Security Response Center) have come together to protest Microsoft's perceived heavy-handedness towards researchers who disclose security flaws. Pushed into action by the reception to the
flaw disclosed by Tavis Ormandy, the group has
released full details and exploit code for a previously unknown Windows local privilege escalation vulnerability. The
advisory for the vulnerability, which affects Windows Vista and Windows Server 2008, contains the following manifesto:
"Due to hostility toward security researchers, the most recent example being of Tavis Ormandy, a number of us from the industry (and some not from the industry) have come together to form MSRC: the Microsoft-Spurned Researcher Collective. MSRC will fully disclose vulnerability information discovered in our free time, free from retaliation against us or any inferred employer."
Read More...
No comments:
Post a Comment