Microsoft partners with security community to help reduce risk

A vulnerability is a weakness that enables a cybercriminal to attack computer hardware, software, or services. Companies or individuals sometimes find vulnerabilities in the software of other companies, and there are different ideas about what to do with that information. Some companies disclose it publicly, possibly with the idea of pressuring the owner to fix it quickly. However, this also exposes vulnerabilities to cybercriminals.

Last summer Microsoft announced that we would be working directly with researchers and vendors to minimize the security risks for customers through a process called Coordinated Vulnerability Disclosure (CVD). Last week we announced an update to this process.

Here’s a simple description of how CVD works:

Finders disclose newly discovered vulnerabilities in hardware, software, and services directly to the vendors of the affected product or to a coordinator who will report to the vendor privately. The finder then allows the vendor time to diagnose and offer fully tested updates, workarounds, or other corrective measures before the finder discloses detailed vulnerability or exploit information to the public.

The vendor continues to coordinate with the finder throughout the vulnerability investigation and provides the finder with updates on case progress. Upon release of an update, the vendor may recognize the finder in bulletins or advisories for finding and privately reporting the issue.

For a more detailed description, see Microsoft Security Response Center: Coordinated Vulnerability Disclosure or watch a video about how CVD works at TechNet Edge.


 

 

About the Author
Eve Blakemore

Group Manager, Trustworthy Computing

Eve Blakemore is a Group Manager for Trustworthy Computing who delivers consumer guidance around the latest trends in security and privacy. Eve joined Microsoft in 1998 and has worked in corporate and field roles with Microsoft Learning, US Public Sector, Read more »

Join the conversation

1 comments
  1. Anonymous

    I CAN NOT SEND GIFTS ON FARMVILLE ON FACE BOOK I WANT YOU TO FIX IT SO I CAN SEND GIFTS TO MT FRIENDS   I AM VERY UPSET

Comments are closed.