Susan, I wish I had the time to hold your hand through getting up to
speed on the disclosure debate. Instead, I would suggest starting with
the links in my advisory which were intended to give you enough
background to understand the issues involved (skip to the Notes section,
if you like).
As I cannot hope to speak as eloquently on the topic as Bruce, I will
not attempt to repeat them for you here.
If after researching the topic you still have questions, please let me
On Thu, Jun 10, 2010 at 08:36:09AM -0700, Susan Bradley wrote:
I'm not an enterprise customer, but I am a mouthy female. So here's my
question back to you, for my education, how exactly did MSRC contact you
Since June 5th have you tried emailing back or any of your contacts from
past interactions and asked what was up? I'm disappointed in this lack
of communication I see on both sides. You are ...well... Tavis
Ormandy... I seriously doubt MSRC is blowing you off here.
Keep in mind we just had a LARGE patch week to deal with. I don't know
what was going on on their side, nor making excuses as I don't know what
communication you've had in the past and had on this issue ... I'm just
saying I would have spent a little more time getting mad at them and
sent a lot more emails back to them before posting this.
(And try dealing with Microsoft licensing sometime if you think security
communication is lacking)