Thursday, December 27, 2007

Security Vulnerability Research & Defense

The Microsoft "Secure Windows Initiative" (SWI) teams are hosting a new blog where they will be providing expanded information on Microsoft vulnerabilities, mitigations and workarounds, and active attacks. This information will be above and beyond what has been made available in the MSRC Blog.

As explained in the "about" document for the new blog, as information of the nature listed below is discovered in their research, the SWI team hopes to share it in their blog postings.

From About Security Vulnerability Research & Defense:
  • Workarounds are not 100% effective in every situation, every attack vector
  • Workarounds that are specific to a particular attack
  • Super complicated workarounds that work but cannot be recommend to all customers
  • Interesting mitigations that might not be present in all cases
  • “Best Practices” type guidance that applies to a particular vulnerability
  • Group policy deployment guidance
  • “Interesting” facts about a vulnerability Microsoft is fixing that will help customers learn more about Windows, the security infrastructure, or the way we conduct security investigations
  • Debugging techniques and information on how to triage security vulnerabilities
  • Overview of some of the challenges that we face when fixing specific security bugs
I incorporated a link to the Security Vulnerability Research & Defense blog in the Microsoft Security links section in the left column here at Security Garden.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: