Language Selection

English French German Italian Portuguese Spanish

M$ Launches Security Advisory

Filed under
Microsoft
Humor

Microsoft has unveiled a new security advisory service to plug the gap between public disclosure of a vulnerability and the availability of a patch.

Dubbed Microsoft Security Advisories, the service is a pilot program begun in response to customer requests, Stephen Toulouse, the program manager of Microsoft Security Research Center (MSRC), said in an interview.

"When we got down to it, in the absence of a bulletin, customers wanted us to provide authoritative guidance on security related topics," Toulouse said.

Microsoft's security advisories--the first two of which were issued Tuesday--will offer early workarounds for vulnerabilities before a patch is ready. "If there was public vulnerability posted, the advisories could be used to provide guidance on workarounds," said Toulouse.

In cases such as those, expect to see the advisories morph into actual bulletins, Toulouse added. "We'd put the advisory up, and when a patch is ready, use it to point to the bulletin," he noted.

The advisories will follow the general format of the existing security bulletins, because feedback for the latter has been positive and users are familiar with the layout. The two advisories rolled out Tuesday, for example, offer subsections titled "Overview" and "Frequently Asked Questions," just as do Microsoft's monthly security bulletins.

Full Story.

More in Tux Machines

Xine Media Player Review – Powerful but Outdated

Xine is both an open source multimedia playback engine and a video playback application that's been around for a very long time. The number of people using this application has diminished, and there are few maintained third-party apps that are based on this engine. We'll take a closer look at the application to see why this is happening. Read more

Wine Announcement

The Wine development release 1.7.30 is now available. What's new in this release (see below for details): - More support for fonts in DirectWrite. - Improved ATL thunk support. - A few more C runtime functions. - Regedit import/export fixes. - Various bug fixes. Read more

CoreOS offers private Docker container registries for world+dog

Container-loving Linux vendor CoreOS has made its on-premises Docker container registry software available as a standalone product. Previously, CoreOS Enterprise Registry was only available as part of the company's Premium Managed Linux offering, which it describes as "OS as a service." As of Thursday, it is now available for use with any Docker-enabled OS – and these days, what Linux distro hasn't gone gaga for Docker? Even Microsoft is getting into the act. Read more

Manjaro Works To Make Calamares A Distribution-Independent Installer

The Arch-based Manjaro crew has been developing Calamares, an open-source installation framework they hope will basically lead to being a universal Linux distribution installer. The Manjaro camp has been developing Calamares as a distribution installer framework they'll be using for Manjaro 0.9+ and they also hope other Linux distributions will adopt it so it can become somewhat of a universal Linux installer so each distribution camp no longer keeps needing to write their own installer. Read more