Ciscogate - Microsoft shows the way?
#151 I am wondering if Microsoft isn't capitalising on Cisco's recent souring of relations with the hacking and security community by getting their PR to spin this story 2 days after the Cisco-Lynn saga ("Microsoft wants to meet more hackers." )
However the CNET article makes for interesting reading and upon reflection one wonders if Cisco should't take a leaf out of Microsofts book as Microsoft have learnt a few hard lessons over the last two years when all hacking activity was focussed at their vulnerabilities. Come to think of it, Microsoft are far better off these days since less publicised virus and malicious code outbreaks are being linked to flaws in their software and an intense focus on rectifying flaws in their software coupled with some aggressive patch updates over the last two years seems to have turned hackers attentions elsewhere.
The story shows how much Microsoft has "cosied up" to the hacking community with its highly successfull "Blue Hat" date with hackers becoming a regular affair, with biannual events where outsiders demonstrate flaws in Microsoft's product security. At Black Hat, Microsoft rented the Pure Nightclub in Caesars Palace on Thursday to treat the security community to a party with techno music and free cocktails. The company also threw an after-party at another Las Vegas hotel. By hosting such parties and the Blue Hat event, Microsoft may be seeking to influence the security community. For example, Microsoft regularly preaches "responsible disclosure" of flaws, in which software makers are given time to repair a problem. Microsoft doesn't want researchers to go public with information on vulnerabilities before the company has had a chance to provide a patch.
More recently, 3Com and iDefence announced that they would pay rewards (see blog entry bidding war for vulnerabilities) to individuals who provide information on product/software vulnerabilities so that they could update their security products to mitigate the vulnerability.
Sure, Microsoft products have significantly more potential flaw vectors than Cisco's, but I'm sure Cisco could take a leaf out of their (and others') book instead of the heavy-handed "siege mentality" approach the community seems to be lambasting them for right now.
However the CNET article makes for interesting reading and upon reflection one wonders if Cisco should't take a leaf out of Microsofts book as Microsoft have learnt a few hard lessons over the last two years when all hacking activity was focussed at their vulnerabilities. Come to think of it, Microsoft are far better off these days since less publicised virus and malicious code outbreaks are being linked to flaws in their software and an intense focus on rectifying flaws in their software coupled with some aggressive patch updates over the last two years seems to have turned hackers attentions elsewhere.
The story shows how much Microsoft has "cosied up" to the hacking community with its highly successfull "Blue Hat" date with hackers becoming a regular affair, with biannual events where outsiders demonstrate flaws in Microsoft's product security. At Black Hat, Microsoft rented the Pure Nightclub in Caesars Palace on Thursday to treat the security community to a party with techno music and free cocktails. The company also threw an after-party at another Las Vegas hotel. By hosting such parties and the Blue Hat event, Microsoft may be seeking to influence the security community. For example, Microsoft regularly preaches "responsible disclosure" of flaws, in which software makers are given time to repair a problem. Microsoft doesn't want researchers to go public with information on vulnerabilities before the company has had a chance to provide a patch.
More recently, 3Com and iDefence announced that they would pay rewards (see blog entry bidding war for vulnerabilities) to individuals who provide information on product/software vulnerabilities so that they could update their security products to mitigate the vulnerability.
Sure, Microsoft products have significantly more potential flaw vectors than Cisco's, but I'm sure Cisco could take a leaf out of their (and others') book instead of the heavy-handed "siege mentality" approach the community seems to be lambasting them for right now.
posted by Dwaine at 8/02/2005
0 Comments:
Post a Comment
<< Home