full-disclosure-uk January 2010 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: Re: [Full-disclosure] Perhaps it's time to r

Re: [Full-disclosure] Perhaps it's time to regulate Microsoft as Critical Infrastructure?

From: Christian Sciberras <uuf6429_at_nospam>
Date: Mon Jan 25 2010 - 22:46:46 GMT
To: Valdis.Kletnieks@vt.edu


Some people think or assume that MS lays eggs daily. As if the security team at MS stayed leg over the other waiting for some bug to crop up some day.

On Mon, Jan 25, 2010 at 11:11 PM, <Valdis.Kletnieks@vt.edu> wrote:

> On Mon, 25 Jan 2010 20:03:03 -0200, Rafael Moraes said:
> > This is a subject that need to be discussed very carefully. I agree, It
> > should be "controlled", but, how far?
>
> In particular, one must be *very* careful to not create unintended
> consequences. For instance, in general the more regulated an industry is,
> the
> more risk-adverse the companies get - both because regulation implies
> "don't
> rock the boat" and the second-order effects of compliance paperwork and
> similar
> issues. Look at the mountains of paperwork needed to get the FAA to
> type-certify a new airplane as airworthy - what if Microsoft had to do that
> level of detail for Windows 8, the next release of Exchange, and the next
> release of Office?
>
> How do you make Microsoft "regulated" in any meaningful sense, and still
> allow
> them the ability to ship an out-of-cycle patch?
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/