|Subject:||Microsoft's New Program --- MAPP|
|Posted by:||Dan (D…@discussions.microsoft.com)|
|Date:||Sun, 24 Aug 2008|
Will the vulnerabilities be available to security researches 3 days or less
in October as scheduled for MAPP or is this scheduling still all up in the
air where Microsoft chooses one of 3 points in how a patch may affect a user
and/or business. I imagine you want users that work in the electronics
industry and are focused on external security and internal safety issues.
Please Steve Riley can you go into any more detail(s) about the upcoming
Microsoft program to better educate your users and I could find only limited
information about it on the 'Net where say an example was given that a
business might want to first patch vulnerability 3 which let us say is
moderate given its exploitability of high vulnerability in the attack vector
once the patch and associated information are sent out to the public compared
to vulnerability 1 which is critical but has a low exploitability rating.