Monday, May 8, 2017

Petition for Microsoft to disclose data about MS17-010

Rendition Infosec is sponsoring a petition asking Microsoft to disclose telemetry data around MS17-010. We've highlighted a number of reasons why we feel this is important for the security community as a whole.

It is almost certain that Microsoft has data around how these vulnerabilities were exploited by attackers. Revealing this data will help us better understand decisions made in the vulnerability equities process. It will also enhance understanding about how likely it is that vulnerabilities discovered by APT attackers are independently rediscovered by others attack groups. Finally, it will help policy makers assess whether the exploits reportedly stolen (and subsequently released) by Shadow Brokers were likely used to exploit other targets before being released to the general public. If you work in infosec, think computer security is a good thing to have, and/or believe in transparency, please consider signing our petition, linked below:

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.