Re: Microsoft Security Bulletin Severity Rating System Changes

From: Bill Sanderson (Bill_Sanderson@msn.com.plugh.org)
Date: 11/19/02


From: "Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org>
Date: Tue, 19 Nov 2002 13:18:44 -0500


These are great references--the Home user-related ones would be great to add
to many posts here and in the virus forum.

"Jerry Bryant [MS]" <jbryant@online.microsoft.com> wrote in message
news:Oun99t#jCHA.2772@tkmsftngp10...
> > work I want to do inside this monster on my desk. Last week I began looking for
> > "ordinary" security measures for the "common man" so to speak, and have not
> > found what I need.
>
> Microsoft is trying to address these types of scenarios at
> www.microsoft.com/security.
>
> For home users, there is a specific section:
> http://www.microsoft.com/security/home/
>
> You may be interested in the following as well:
>
> Follow 7 steps to help personal computing security
> http://www.microsoft.com/security/articles/steps_default.asp
>
> 5-minute security advisor
> http://www.microsoft.com/TechNet/Columns/Security/5Min/Default.asp
>
> --
> Regards,
>
> Jerry Bryant - MCSE, MCDBA
> Microsoft IT Communities
>
> Get Secure! www.microsoft.com/security
>
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
> "D. Small Gilligan" <jgillig1@nycap.rr.com> wrote in message
> news:OvXn9e#jCHA.1652@tkmsftngp09...
> > This is most excellent news. I think the lack of information for end-users
> > contributed a lot to the disasters (windows updates, trashing of programs, etc)
> > which hundreds of thousands have experienced in the last few months. Since we
> > were basically fed technical information, trying to use that information surely
> > must have broken a lot of things. I'm a long way from being a technician, but
> > I've had to learn a lot more than I wanted just to be able to do the kind of
> > work I want to do inside this monster on my desk. Last week I began looking for
> > "ordinary" security measures for the "common man" so to speak, and have not
> > found what I need.
> >
> > I was interested in a small article I picked up the other day which leads me to
> > believe that there will probably be another age coming up for computers
> > regarding security.
> >
> > MS Takes Hard Line on Security
> > Source: Wired News
> > Date Written: November 14, 2002
> > Date Collected: November 15, 2002
> >
> > Craig Mundie of Microsoft released a statement on Microsoft Inc.'s Trustworthy
> > Computing initiative. Mundie announced November 13, 2002 "that in response to
> > the threat of terrorist cyberattacks, Microsoft would deploy security fixes to
> > its installed base of hundreds of millions of computers worldwide in the coming
> > year -- even if those fixes break applications in use by customers." He also
> > said that, "We're going to tell people that even if it means we're going to
> > break some of your apps, we're going to make these things more secure. You're
> > just going to have to go back and fix it." Mundie went on to say that increased
> > spending on development and maintenance is necessary to increase security. He
> > also indicated that Microsoft's business model, the push to increase revenue
> > with sales of new software with new features, might have created a situation in
> > which less than secure code was produced. Mundie said that every Microsoft
> > project has a security function portion.
> >
> > http://www.wired.com/news/technology/0,1282,56381,00.html
> > Also - http://www.pcworld.com/news/article/0,aid,106928,00.asp
> >
> >
> > ............................................................................
> > "Hank Arnold" <rasilon@aol.com> wrote in message
> > news:#pAiMY7jCHA.2672@tkmsftngp09...
> > > I just got an e-mail with the following:
> > >
> > > =====================================
> > > Dear Microsoft Customer,
> > >
> > > I'm taking the unusual step of sending this mail to the Microsoft Security
> > > Notification Service mailing list to tell you about some changes in
> > > communications practices that the Microsoft Security Response Center is
> > > making.
> > >
> > > Customer feedback tells us that, while technical professionals value our
> > > security bulletins, many end-users find them overly detailed and confusing.
> > > In addition, end-users who subscribe to the Microsoft Security Notification
> > > Service receive bulletins that are of interest only to developers or system
> > > administrators.
> > >
> > > To help customers, for each issue, we will now create a less technical
> > > end-user security bulletin that we will host at
> > > http://www.microsoft.com/security/. We will continue to release the current
> > > security bulletins targeted to technical professionals. The new end-user
> > > security bulletins will describe straightforward steps that customers can
> > > take to help keep their systems secure.
> > >
> > > In addition, before year's end, we will create a new End User Security
> > > Notification Service that will notify customers of security issues in
> > > end-user-oriented products and provide a link to the appropriate end-user
> > > security bulletin. The TechNet security bulletins will continue to include
> > > technical details that enable IT professionals to determine where and
> > > whether a patch is needed or whether workarounds are an appropriate
> > > alternative.
> > >
> > > We have also received feedback that, while many customers rely on our
> > > Security Bulletin Severity Ratings to help them decide which patches to
> > > apply, they find that the ratings fail to clearly identify the most serious
> > > issues. There is also a widespread feeling that the Severity Ratings are
> > > difficult to understand and apply. For these reasons, we have modified the
> > > Severity Rating criteria to help customers more easily evaluate the impact
> > > of security issues. We hope that this more prescriptive guidance will help
> > > you distinguish the most urgent security issues. I encourage you to review
> > > the updated Microsoft Security Response Center Security Bulletin Severity
> > > Rating System at http://www.microsoft.com/technet/security/policy/rating.asp
> > >
> > > Microsoft is committed to help keep your systems safe. As part of that
> > > commitment, we regularly review customer feedback and update our security
> > > response process to ensure that we are doing all we can to meet your needs.
> > > We appreciate your feedback and hope that you will find that these changes
> > > help you keep your systems secure.
> > >
> > > Thank you,
> > >
> > > Steve Lipner
> > >
> > > Director of Security Assurance
> > >
> > > Microsoft Corp.
> > >
> > > =====================================
> > >
> > > --
> > > Regards,
> > > Hank Arnold
> > > "Jerry Bryant [MS]" <jbryant@online.microsoft.com> wrote in message
> > > news:e2qo9$1jCHA.1584@tkmsftngp11...
> > > > The Microsoft Security Response Center is modifying the severity rating
> > > > scheme for Microsoft issued security bulletins. These changes will be
> > > > announced on Monday afternoon, November 18, 2002.
> > >
> > >
> >
> >
>
>


