We all know how Microsoft likes to bully its many 'partners', so it comes as no surprise that the Beast has decided to apply its partnership muscle to silence the software and network security research community. The company is currently . . .
We all know how Microsoft likes to bully its many 'partners', so it comes as no surprise that the Beast has decided to apply its partnership muscle to silence the software and network security research community. The company is currently shopping a 'security partnership agreement', which would open up reams of MS vulnerability data to those firms which capitulate to its censorship demands while leaving all others out in the cold, The Register has learned.
Terms of the partnership agreement include provisions which would enjoin partners from releasing 'detailed' vulnerability data over a 'blackout' period. Our information is in conflict here; we've heard that the blackout could be 45 days, a la CERT, or as long as six months, or indefinitely, until a fix is developed.
It's likely that several drafts of the agreement are in circulation, and this uncertainty indicates the minimum and maximum periods currently under consideration.