Microsoft opens up its security work
Software giant is taking the covers off its security intelligence. About time.
Microsoft seems to finally be caving on the idea of security through obscurity. No, it's software isn't being open-sourced, but it is creating a public forum in which to discuss its security research and patch management process. The Microsoft Security Vulnerability Research and Defense blog is designed to "provide more information about Microsoft vulnerabilities, mitigations and workarounds, and active attacks."
Doesn't Microsoft already do this? Well, yes. Sort of. But the blog--which is maintained by what appears to be Microsoft's top security people--is meant to give a deeper look into how it manages security:
We periodically identify workarounds or mitigations like this that we can't use for official guidance because they're either too nuanced or have some exception cases. When we discover something potentially useful but are uncomfortable listing it in the bulletin, we'll do our best to describe it here in this blog.
This is a good step for Microsoft to take. Security isn't something to hide. Users are better off knowing more in most cases, rather than less. Knowledge, especially when it comes to security, is power.