>>So you admit that vendors lying, denying or sandbagging on bugs and security holes is a wrong. Good for you! You are halfway to the truth. Now, the other half is that you, your customers, me and other consumers have the RIGHT to be fully informed about potential bugs and security holes in software we purchase as quickly as they are learned about, not at the convenience of the vendor.
>
>
>Jerry;
>
>We don’t have no stinking rights. At the same time the software vendors have no rights to limit disclosure of software anomalies (bugs). Now, someone may at some point pass a law or laws concerning this topic and then we will have “firm ground” to stand upon. Right now it is a free for all and not improving.
Unfortunately, you are probably right on both counts. However, what Microsoft is proposing is a return to the good-ole days when Unix vendors used the 'obscurity is the best security' bluff. While Microsoft was a young company and competing strongly in the PC space, they ignored or refused to admit bugs, but let other folks do what they wished. Now, since they found out that the DOJ settlement would be toothless, they have reverted to form and are attempting to use their illegal monopoly power to intimidate security folks into silence. Some, because of who knows what leverage (we won't roll your security app into our OS if you will....) have 'signed' on, thus effectively destroying their credibility as an independent and unbiased security agency. Most companies and consumers realize this and will no longer use their 'services'. Why pay, or pay attention to them if they won't inform you of the latest security risks?
Nebraska Dept of Revenue