On Thu, 27 Apr 2006, Brian Eaton wrote:Please note that I ask this out of curiousity, and not in an attempt to be critical. Why not give MSRC a head start of one week?
Michal Zalewski wrote:
Because, among other things I've already mentioned, it will in no way affect when they're going to release a patch. Their official policy is to stick to a weird schedule.
Unfortunately, given Microsoft's recent behavior, Michal's right. Further, I too have seen the data showing much faster response times when Microsoft is blindsided. The only question that remains is whether some inherent sense of fairness on the part of the reporter dictates notifying the vendor first, even though it likely won't do any good.
-- Hawaiian Astronomical Society: http://www.hawastsoc.org HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/