Microsoft’s relationship with the security researchers who make a hobby or a living out of finding security flaws in its software has often been contentious. At times, it has grown downright hostile, with jilted researchers threatening to post vulnerabilities on the Web before even contacting the company.
But now, Microsoft is changing up the way it handles security disclosure and reporting as it looks to build a better rapport with the research community. It’s even given the new approach a name: “coordinated vulnerability disclosure.” eSecurity Planet has the details.
In an effort to work more amicably with security researchers who feel Microsoft too often ignores them, the software giant announced it is tweaking its security approach regarding when and how security researchers disclose newly found vulnerabilities and exploits to vendors, hackers and security administrators.
At the same time, Microsoft (NASDAQ: MSFT) released a “Fixit” program that automatically applies one of the workarounds the company called out to address a security flaw disclosed by hackers in mid-July, which takes advantage of a newly discovered hole in the Windows Shell.