Skip to main content

Microsoft To Responsibly Disclose Vulnerabilities

Software giant Microsoft has made some key changes in its vulnerability disclosure policies that are targeted towards make vulnerability a coordinated and collaborated effort.

According to a post on the Technet blog, the company has introduced a new Coordinated Vulnerability Disclosure (CVD) at Microsoft document which simplifies how Microsoft discloses security vulnerabilities in its own software as well as third party software.

Microsoft also informed that it was releasing the first set of advisories under its Microsoft Vulnerability Research (MSVR) program. The company said that it had privately told certain software vendors about vulnerability in their offerings, which had now been fixed.

The company has also established an internal corporate Disclosure of Vulnerabilities policy which laid down protocols for employees to follow when they discover vulnerability in a third party product.

“We believe the most effective approach to security is a comprehensive Security Development Lifecycle that reduces or mitigates vulnerabilities before a product is released. After a product or service is released, we feel security is a shared responsibility across the broad community,” Microsoft said.

“By working together through coordinated efforts when vulnerabilities are identified, we can effectively minimize customer risk while a solution is developed,” the company added.