WINS Flaw Reheats Debate on Disclosure Timing
While some security experts say it's dangerous to keep customers in the dark, vendors wonder what good it does to release details about flaws before patches are ready.A vulnerability in Microsoft Corp.s Windows first identified in Maybut only now receiving widespread attentionhas reopened the contentious debate between security researchers and software vendors over the proper method and time frame for disclosing security flaws. Few topics cause as much hand-wringing and heartburn as full disclosure. Simply mentioning the subject in some circles can generate the kind of quasi-religious zeal and partisan rhetoric normally reserved for discussions about gun control or nuclear proliferation. Indeed, some participants in the debate see the early release of vulnerability information as roughly analogous to handing loaded guns to gangs of trigger-happy juvenile delinquents.
Improving the patch-handling process has been a key part of Microsoft Chairman and Chief Software Architect Bill Gates Trustworthy Computing push.