Microsoft Spurned Researcher Collective Created to Revolt Against Microsoft’s Abuse of Security Researchers
Summary: Microsoft’s hunting down of people who help spot defects in Microsoft products leads to backlash
MICROSOFT IS having confrontations over "critical" bugs (flaws) that affect Office 2010. Except for silent patching, Microsoft relies on policing of people who disclose flaws in its software. Last month we showed how Microsoft demonised a person who helped identify and report a serious flaw in Windows. Microsoft was shifting blame from its incompetent developers to people who find flaws in these developers’ work.
The “Microsoft Spurned Researcher Collective” has just been created by victims of Microsoft’s demonisation and abuse tactics (with so-called ‘attack dogs’, who happen to be Microsoft boosters with blogs). Here are some of the details:
Security researchers irked by how Microsoft responded to Google engineer Tavis Ormandy’s public disclosure of a zero-day Windows XP Help Center security bug have banded together to form a group called the Microsoft Spurned Researcher Collective*.
The group is forming a “union” in the belief that together they will be better placed to handle flak from Redmond and elsewhere following the publication of security flaws. A statement, published by The Windows Club blog, explains the Collective’s stance.
“Due to hostility toward security researchers, the most recent example being of Tavis Ormandy, a number of us from the industry (and some not from the industry) have come together to form MSRC: the Microsoft-Spurned Researcher Collective,” it said. “MSRC will fully disclose vulnerability information discovered in our free time, free from retaliation against us or any inferred employer.”
Microsoft is making too many enemies, even among security experts. This is a recipe for disaster. █