MICROSOFT IS having confrontations over "critical" bugs (flaws) that affect Office 2010. Apart from silent patching, Microsoft relies on policing people who disclose flaws in its software. Last month we showed how Microsoft demonised a person who helped identify and report a serious flaw in Windows. Microsoft was shifting blame from its incompetent developers to the people who find flaws in these developers' work.
Security researchers irked by how Microsoft responded to Google engineer Tavis Ormandy's public disclosure of a zero-day Windows XP Help Center security bug have banded together to form a group called the Microsoft Spurned Researcher Collective.
The group is forming a "union" in the belief that together they will be better placed to handle flak from Redmond and elsewhere following the publication of security flaws. A statement, published by The Windows Club blog, explains the Collective's stance.
“Due to hostility toward security researchers, the most recent example being of Tavis Ormandy, a number of us from the industry (and some not from the industry) have come together to form MSRC: the Microsoft-Spurned Researcher Collective,” it said. “MSRC will fully disclose vulnerability information discovered in our free time, free from retaliation against us or any inferred employer.”