RE: [Full-disclosure] Reuters: Microsoft to give holes info to UncleSam first - responsible vendor notification may not be a good idea anymore...
From: J.A. Terranson (measlmfn.org)
Date: Sat Mar 12 2005 - 15:34:50 CST
On Sat, 12 Mar 2005, joe wrote:
> I didn't see Tamas' original note but this program isn't an early patch
> release program. It is a program for beta testing patches just like the
> other betas MS and other companies do. It is simply locked down
> considerably more due to the possible issues surrounding it. The patches
> could definitely change prior to actual public launch.
Nevertheless, you and I both know that this program will be used as an
early patch release program, and will in fact serve as such once the
soon-to-be-released patches are finalized on these preliminary machines.
> As such, the patches aren't intended to be loaded on production equipment
HahahahAHAHAHahahhaAAhhAahahaha!!!! Microsoft? Not intended for
> and in fact it is explicitly stated to not load it in production if I
> recall correctly. The intent is for external customer test labbing to find
> the most egregious issues and functionality breaks they may cause so it
> doesn't impact the user community at large. The folks brought into the beta
> are the ones most likely to test the patches on a wide variety of scenarios.
As someone who has seen this program from the inside, I am here to tell
you you are WRONG. That's spelled W-R-O-N-G, just in case you were not
These programs MAY have as input large "shops" which can help test, but it
also includes "priority" customers (Govt, the critical 8 in
infrastructure, etc.), most of whom will *never* provide any feedback data
to the patch supplier.
> Unlike many of the other betas, you have an actual testing and feedback
> requirement and have to agree to that requirement before being allowed in.
Then we are talking about different programs. There ARE early release
programs, and this reads as one.
> previously was a consultant at a large company that was asked if they wanted
> to be in this program and we declined because we couldn't handle the
> additional workload that it required as a participant. We just didn't have
> the resources available.
OK, let's assume that this is a different program. I stand by my assertion
that an early patch release program that caters solely to government and
the critical 8 is good public policy (and currently implemented).
> Here is a link that maybe makes the test nature a little more clear
"Quadriplegics think before they write stupid pointless
shit...because they have to type everything with their noses."