Language Selection

English French German Italian Portuguese Spanish

M$ Launches Security Advisory

Filed under
Microsoft
Humor

Microsoft has unveiled a new security advisory service to plug the gap between public disclosure of a vulnerability and the availability of a patch.

Dubbed Microsoft Security Advisories, the service is a pilot program begun in response to customer requests, Stephen Toulouse, the program manager of Microsoft Security Research Center (MSRC), said in an interview.

"When we got down to it, in the absence of a bulletin, customers wanted us to provide authoritative guidance on security related topics," Toulouse said.

Microsoft's security advisories--the first two of which were issued Tuesday--will offer early workarounds for vulnerabilities before a patch is ready. "If there was public vulnerability posted, the advisories could be used to provide guidance on workarounds," said Toulouse.

In cases such as those, expect to see the advisories morph into actual bulletins, Toulouse added. "We'd put the advisory up, and when a patch is ready, use it to point to the bulletin," he noted.

The advisories will follow the general format of the existing security bulletins, because feedback for the latter has been positive and users are familiar with the layout. The two advisories rolled out Tuesday, for example, offer subsections titled "Overview" and "Frequently Asked Questions," just as do Microsoft's monthly security bulletins.

Full Story.

More in Tux Machines

10 tips for easier collaboration between office suites

Yes, you are likely using the Microsoft formats for your documents. However, they don't always follow OpenDocument Format (ODF) standards. Instead of opting for the proprietary Microsoft formats, switch over to one that's welcomed by nearly all office suites: ODF. You'll find a much more seamless collaboration process and fewer gotchas when moving between office suites. The only platform that can have a bit of trouble with this format is Android. The one Android office suite that works well with ODF is OfficeSuite 7 Pro. Read more

Outsourcing your webapp maintenance to Debian

It turns out that I'm not the only one who thought about this approach, which has been named "debops". The same day that my talk was announced on the DebConf website, someone emailed me saying that he had instituted the exact same rules at his company, which operates a large Django-based web application in the US and Russia. It was pretty impressive to read about a real business coming to the same conclusions and using the same approach (i.e. system libraries, deployment packages) as Libravatar. Regardless of this though, I think there is a class of applications that are particularly well-suited for the approach we've just described. If a web application is not your full-time job and you want to minimize the amount of work required to keep it running, then it's a good investment to restrict your options and leverage the work of the Debian community to simplify your maintenance burden. The second criterion I would look at is framework maturity. Given the 2-3 year release cycle of stable distributions, this approach is more likely to work with a mature framework like Django. After all, you probably wouldn't compile Apache from source, but until recently building Node.js from source was the preferred option as it was changing so quickly. While it goes against conventional wisdom, relying on system libraries is a sustainable approach you should at least consider in your next project. After all, there is a real cost in bundling and keeping up with external dependencies. Read more

How Intel HD Graphics On Linux Compare To Open-Source AMD/NVIDIA Drivers With Steam On Linux

As earlier this week I did a 20-way AMD Radeon open-source comparison, looked at the most energy efficient Radeon GPUs for Linux gaming, and then yesterday provided a look at the fastest NVIDIA GPUs for open-source gaming with Nouveau, in this article is a culmination of all the open-source graphics tests this week while seeing how Intel Haswell HD Graphics fall into the mix against the open-source Radeon R600/RadeonSI and Nouveau NV50/NVC0 graphics drivers. Read more

Leftovers: Gaming