Microsoft has launched a blog to provide information about mitigations and workarounds for vulnerabilities in its software, which it says it will use to share more in-depth technical information about vulnerabilities serviced by its regular security updates.
In the Security Vulnerability Research and Defense blog, security researchers at the software giant will give technical information about vulnerabilities fixed on "Patch Tuesday", Microsoft's monthly security patch cycle. Comments to posts, said Microsoft, will not automatically appear on the blog. Instead, IT professionals are invited to email questions and feedback to the researchers.
"Frankly, we're concerned that if comments are allowed, we may see some inappropriate comments," wrote one Microsoft researcher.
The software giant's New Year's resolution is to reveal more of its security practices. "During our vulnerability research, we discover a lot of interesting technical information," one of the researchers anonymously wrote in a blog post. "We're going to share as much of that information as possible here because we believe that helping you understand vulnerabilities, workarounds and mitigations will help you more effectively secure your organization."
Information provided will include workarounds that are "not 100 percent effective in every situation", warned the researchers, who said that security bulletins and advisories remain "the ultimate authority".
Other information will include "super-complicated workarounds that work but cannot be recommended to all customers", and advice on security triage for particular vulnerabilities.
Matt Asay, a general manager at open-source Web-content management company Alfresco, wrote that providing more security information in the blog was a "good step for Microsoft to take".
"Security isn't something to hide," Asay wrote in a CNET News.com blog post. "Users are better off knowing more in most cases, rather than less. Knowledge, especially when it comes to security, is power."
The Microsoft security researchers who will contribute to the blog are Damian Hasse, lead security software engineer at Microsoft; Jonathon Ness, who heads the Secure Windows Initiative defense team; and Greg Wroblewski, Microsoft senior security engineer.
The Security Vulnerability Research and Defense blog launched on Thursday last week, and joins other Microsoft security blogs such as %41%43%45%20%54%65%61%6d, a penetration testing blog, and the Anti-Malware Engineering Team blog.
Play video
There are currently no comments for this post.