Microsoft, whose software has been at the center of several recent high-profile security incidents, has decided to turn up the heat on those the company considers at least partially responsible: security firms and hackers who release sample programs to exploit software flaws. This week, Scott Culp, manager for Microsoft's security response center, published an essay on the company's site decrying the information and example code released by some companies and independent security consultants as "information anarchy." Such information led directly to many of this year's most vicious worm attacks, he said. "It's high time the security community stopped providing the blueprints for building these weapons," Culp wrote in the essay. "And it's high time that computer users insisted that the security community live up to its obligation to protect them." The essay reopens the debate among security professionals over whether information on software flaws should be kept confidential or freely publicized.
|