• Patch Monday

    #54094

    I’m fed up with the botched patches. In September we’ve had TWELVE recalled and re-worked patches that were sent down the Automatic Update chute. I hav
    [See the full post at: Patch Monday]

    • #54095

      Interesting proposal.

      I didn’t understand until page 2 that by “volunteers” you meant everyone: “Why not give everybody and his brother an early crack at them”.

      I think one day is too short a time, resulting in manic activity: “Manic Patch Monday”. I understand the short time, if the patches are opened to everyone, to discourage reverse engineering, already in “Exploit Wednesday”.

      However, even NOW, Microsoft does NOT listen to security warnings even months in advance, from security experts and others in the IT field. Even if they set up dedicated “channels” of communication to receive bug reports, is 24 hours enough for the volunteer to test, then report, and finally for Microsoft staff to sift through reports? Not to mention spiteful hackers may plug these channels with DoS attacks.

      I would modify your proposal: in addition to your Manic Patch Monday, add a Fixit Friday, to open the patches to a screened group of TRUSTED volunteers and partners. Then they have 3-4 days to test and report back to Microsoft through trusted channels.

      Volunteers can include academics and trusted white hat hackers. “Partners” can include antivirus and security companies and software companies Microsoft already works closely with anyway; patches would be delivered specifically to key trusted personnel within each company (CIOs, et al).

      The pro is extra time to work over the weekend; the con is companies will literally be (paying for) working overtime to test the patches.

      Maybe add a reward for each bug found, such as Microsoft recently offered for reporting security flaws. The money would be small compared to the loss of reputation (? if any further drop is possible) for Microsoft – and more importantly, the losses in productivity for users and the business world from botched updates.
