Disclosure of Security Threats/Vulnerabilities

I've been having an interesting open dialog with Steve Jones (SQL Server Central) on the issue of disclosing security vulnerabilities. You can read the thread here: <www.sqlservercentral.com/forums/shwmessage.aspx?forumid=263&messageid=267111>

Feel free to chime in.

Comments

• Anonymous
  March 22, 2006
  What do you propose? Send an email to customer services at MS, what if the person doesnt have a "support call" with MS LOL.  Post it on usenet, post it on forums thats the only way because nobody at MS call centers listen all they want is your support contract details.  You do not have a public facing bug database, no (obvious and easy) channels for people to report this so SUFFER.
• Anonymous
  March 31, 2006
  If you've found a potential security vulnerability in a Microsoft product you can report it here: https://www.microsoft.com/technet/security/bulletin/alertus.aspx. And this is free!