Microsoft Revises Security Bulletins, Rating System
The company will make security bulletins more readable and add a fourth security ratingImportant.In the hopes of making its security bulletins more readable, Microsoft Corp. on Tuesday announced that it has revised the guidelines it uses to rate the severity of the security vulnerabilities in its products. The company will also establish a separate mailing list for end users who dont want or need all of the technical detail in the advisories it sends out to systems administrators and security specialists. The changes are a result of feedback from customers who thought the bulletins were too detailed and confusing. The Microsoft Security Response Center, which handles the investigation of any alleged vulnerabilities in the companys products, sends out an advisory to its Security Notification Service mailing list any time there is a confirmed flaw that might affect multiple customers. The list is open to anyone, but is made up mainly of highly technical users. As a result, the bulletins mailed out to the list include a lot of detail on the vulnerability itself, how it might be exploited and any mitigating factors.
Much of this information is lost on home users, who simply want to know about the problem and whether they need to install the patch.