Full Disclosure mailing list archives

Re: Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly
From: Susan Bradley <sbradcpa () pacbell net>
Date: Thu, 10 Jun 2010 09:26:47 -0700

You commented that Microsoft needs to address a communication problem.  
It's irrelevant to the full disclosure issue in my mind.

I'd honestly like to know if there is a breakdown in communication at 
the MSRC that needs to be addressed.  It appears there is one?

Tavis Ormandy wrote:
Susan, this is what is called "full disclosure", and my response was

I will not answer any more uninformed questions on this topic.

Thanks, Tavis.

On Thu, Jun 10, 2010 at 09:02:37AM -0700, Susan Bradley wrote:
I'm not asking about disclosure.  I'm asking what happened to the level 
of communication between you and MSRC that after 4 days you posted this?

Tavis Ormandy wrote:
Susan, I wish I had the time to hold your hand through getting up to
speed on the disclosure debate. Instead, I would suggest starting with
the links in my advisory which were intended to give you enough
background to understand the issues involved (skip to the Notes section,
if you like).

As I cannot hope to speak as eloquently on the topic as Bruce, I will
not attempt to repeat them for you here.

If after researching the topic you still have questions, please let me

Thanks, Tavis.

On Thu, Jun 10, 2010 at 08:36:09AM -0700, Susan Bradley wrote:
I'm not an enterprise customer, but I am a mouthy female. So here's my 
question back to you, for my education, how exactly did MSRC contact you 

Since June 5th have you tried emailing back or any of your contacts from 
past interactions and asked what was up?  I'm disappointed in this lack 
of communication I see on both sides.  You are ...well... Tavis 
Ormandy... I seriously doubt MSRC is blowing you off here.

Keep in mind we just had a LARGE patch week to deal with.  I don't know 
what was going on on their side, nor making excuses as I don't know what 
communication you've had in the past and had on this issue ... I'm just 
saying I would have spent a little more time getting mad at them and 
sent a lot more emails back to them before posting this.

(And try dealing with Microsoft licensing sometime if you think security 
communication is lacking)



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/