Microsoft opens up its security work

Software giant is taking the covers off its security intelligence. About time.

Microsoft seems to finally be caving on the idea of security through obscurity. No, its software isn't being open-sourced, but it is creating a public forum in which to discuss its security research and patch management process. The Microsoft Security Vulnerability Research and Defense blog is designed to "provide more information about Microsoft vulnerabilities, mitigations and workarounds, and active attacks."

Doesn't Microsoft already do this? Well, yes. Sort of. But the blog--which is maintained by what appear to be Microsoft's top security people--is meant to give a deeper look into how the company manages security:

We periodically identify workarounds or mitigations like this that we can't use for official guidance because they're either too nuanced or have some exception cases. When we discover something potentially useful but are uncomfortable listing it in the bulletin, we'll do our best to describe it here in this blog.

This is a good step for Microsoft to take. Security isn't something to hide. Users are better off knowing more in most cases, rather than less. Knowledge, especially when it comes to security, is power.

About the author

    Matt Asay is chief operating officer at Canonical, the company behind the Ubuntu Linux operating system. Prior to Canonical, Matt was general manager of the Americas division and vice president of business development at Alfresco, an open-source applications company. Matt brings a decade of in-the-trenches open-source business and legal experience to The Open Road, with an emphasis on emerging open-source business strategies and opportunities. He is a member of the CNET Blog Network and is not an employee of CNET. You can follow Matt on Twitter @mjasay.

