[WEB SECURITY] "Microsoft's Security Response Center: How Little Patches Are Made"

robert at webappsec.org robert at webappsec.org
Fri Jun 10 09:26:03 EDT 2005

This eWeek article discusses the security patch process at Microsoft.

"ORLANDO, Fla. Anxious to shed the company's image as having a lax attitude about software 
security, officials at the Microsoft Security Response Center are using the Tech Ed conference 
here to provide a rare glimpse at the step-by-step process used to create, test and roll out 
security patches.

The software maker trained the spotlight on the operations of the MSRC during breakout sessions 
and one-on-one discussions with customers, stressing that all publicly and privately reported 
vulnerabilities are thoroughly investigated to determine whether customers are at risk.

"We're on all the [security mailing] lists, just like you are, and we investigate everything, even 
if it's a post about a simple weird behavior in a product," said MSRC program manager Stephen 

By monitoring the public lists and underground hacker sites, Toulouse said the company is able to 
keep track of discussions about vulnerabilities that may not have been reported to Microsoft" - eWeek


- Robert Auger
