FW: Improvements to Microsoft Security Reponse Communications
From: Karan Mavai (kmavai@HOTMAIL.COM)
Date: 11/19/02
- Previous message: Georgi Guninski: "Re: bind 8 info update regarding ISS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 19 Nov 2002 00:15:41 -0800 From: Karan Mavai <kmavai@HOTMAIL.COM> To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
-----Original Message-----
From: Microsoft
[mailto:0_41167_1E777D2B-6849-694C-B143-CAFA86B39062_CA@Newsletters.Micr
osoft.com]
Sent: Tuesday, November 19, 2002 12:00 AM
-----BEGIN PGP SIGNED MESSAGE-----
Dear Microsoft Customer,
I'm taking the unusual step of sending this mail to the Microsoft
Security Notification Service mailing list to tell you about some
changes in communications practices that the Microsoft
Security Response Center is making.
Customer feedback tells us that, while technical professionals
value our security bulletins, many end-users find them overly
detailed and confusing. In addition, end-users who subscribe
to the Microsoft Security Notification Service receive bulletins
that are of interest only to developers or system
administrators.
To help customers, for each issue, we will now create a less
technical end-user security bulletin that we will host at
http://www.microsoft.com/security/. We will continue to
release the current security bulletins targeted to technical
professionals. The new end-user security bulletins will describe
straightforward steps that customers can take to help keep
their systems secure.
In addition, before year's end, we will create a new End User
Security Notification Service that will notify customers of
security issues in end-user-oriented products and provide a link
to the appropriate end-user security bulletin.
The TechNet security bulletins will continue to include technical
details that enable IT professionals to determine where and
whether a patch is needed or whether workarounds are an
appropriate alternative.
We have also received feedback that, while many customers
rely on our Security Bulletin Severity Ratings to help them
decide which patches to apply, they find that the ratings fail to
clearly identify the most serious issues. There is also a
widespread feeling that the Severity Ratings are difficult to
understand and apply. For these reasons, we have modified the
Severity Rating criteria to help customers more easily evaluate
the impact of security issues. We hope that this more
prescriptive guidance will help you distinguish the most urgent
security issues. I encourage you to review the updated
Microsoft Security Response Center Security Bulletin Severity
Rating System at
http://www.microsoft.com/technet/security/policy/rating.asp
Microsoft is committed to help keep your systems safe. As part
of that commitment, we regularly review customer feedback
and update our security response process to ensure that we are
doing all we can to meet your needs. We appreciate your
feedback and hope that you will find that these changes help
you keep your systems secure.
Thank you,
Steve Lipner
Director of Security Assurance
Microsoft Corp.
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1
iQEVAwUBPdkuIY0ZSRQxA/UrAQEm4wf+MJEySxj3zqhSIKIQVSJ2ZGMLQQSm6mpX
ZLgNPmzRysl9fsXjhTj+xk6vPTMig3IWgG9qYZu88wnIvLcoTaunwC4jJ+Wgk2xG
o3uXU5ZoilIvSdTAPqLKB2EagH7EKYpB90+R1M9JNZbHbZolCQtbxIpic/pH55IQ
fhjN4vYpn9iDnZ2FlgPL2dcPmMDa1PcKPHAyOTDxeoM9ioHTno8wCM8v+mjL0GLn
zyC4yaeEl0OpPUiRC8CQTKjGNmnP1W9STgSr490PUn42+DtXWLTn6Y8gkr8dxFPo
gU9RMYPpd6+v8wSe1taoQTJTwqJhYYHODetKVNuGK00oNs229YhyMA==
=tkoQ
-----END PGP SIGNATURE-----
*******************************************************************
You have received this e-mail bulletin because of your subscription to
the Microsoft Product Security Notification Service. For more
information on this service, please visit
http://www.microsoft.com/technet/security/notify.asp.
To verify the digital signature on this bulletin, please download our
PGP key at http://www.microsoft.com/technet/security/notify.asp.
To unsubscribe from the Microsoft Security Notification Service, please
visit the Microsoft Profile Center at
http://register.microsoft.com/regsys/pic.asp
If you do not wish to use Microsoft Passport, you can unsubscribe from
the Microsoft Security Notification Service via email as described
below:
Reply to this message with the word UNSUBSCRIBE in the Subject line.
For security-related information about Microsoft products, please visit
the Microsoft Security Advisor web site at
http://www.microsoft.com/security.
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Delivery co-sponsored by TruSecure Corporation
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Demonstrate your knowledge and understanding of core IT Security, become
TICSA certified.
Are you responsible for IT security in job function, but not necessarily
in title? Do you want to prove your IT security knowledge and increase
opportunities? Interested? Visit;
http://www.trusecure.com/solutions/certifications/ticsa/
for more information.
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
- Next message: Geo: "Re: [Full-Disclosure] NTmail (GMS) 8 filtering bug"
- Previous message: Georgi Guninski: "Re: bind 8 info update regarding ISS"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
