Disclosure of Security Threats/Vulnerabilities


I’ve been having an interesting open dialog with Steve Jones (SQL Server Central) on the issue of disclosing security vulnerabilities. You can read the thread here: http://www.sqlservercentral.com/forums/shwmessage.aspx?forumid=263&messageid=267111


Feel free to chime in.


Comments (2)

  1. wahaha says:

    What do you propose? Send an email to customer services at MS, what if the person doesnt have a "support call" with MS LOL.  Post it on usenet, post it on forums thats the only way because nobody at MS call centers listen all they want is your support contract details.  You do not have a public facing bug database, no (obvious and easy) channels for people to report this so SUFFER.

  2. If you’ve found a potential security vulnerability in a Microsoft product you can report it here: https://www.microsoft.com/technet/security/bulletin/alertus.aspx. And this is free!