MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
security
Search

Microsoft Explains How it Decides Whether a Vulnerability Will Be Patched Swiftly or Left For a Version Update

Wednesday June 13, 2018. 04:39 PM , from Slashdot
Microsoft has published a new draft document clarifying which security bugs will get a rapid fix and which it will let stew for a later release. From a report: The document outlines the criteria the Microsoft Security Response Center uses to decide whether a reported vulnerability gets fixed swiftly, usually in a Patch Tuesday security update, or left for a later version update. Microsoft said in a blogpost the document is intended to offer researchers 'better clarity around the security features, boundaries and mitigations which exist in Windows and the servicing commitments which come with them.' The criteria revolve around two key questions: 'Does the vulnerability violate a promise made by a security boundary or a security feature that Microsoft has committed to defending?'; and, 'Does the severity of the vulnerability meet the bar for servicing?' If the answer to both questions is 'yes', the bug will be patched in a security update, but if the answer to both is 'no', the vulnerability will be considered for the next version or release of the affected product or feature.

Read more of this story at Slashdot.
rss.slashdot.org/~r/Slashdot/slashdot/~3/ApMsD6TictU/microsoft-explains-how-it-decides-whether-a-vul...

Related News

News copyright owned by their original publishers | Copyright © 2004 - 2018 Zicos / 440Network
Current Date
Aug, Wed 15 - 09:10 CEST