Microsoft go public with third-party patches
By Chris Taylor
27/04/2011
Microsoft are to issue public statements about third-party bugs in Windows systems, according to The Register.
Formerly, Microsoft would have kept any security risks private between themselves and third-party product manufacturers, such as faults within other web browsers (e.g. Google's Chrome) or media players (e.g. Apple's iTunes).
Now they have decided to make all security notifications public, but they will notify third-party vendors in advance of any threats. However, they have reserved the right to issue notifications before a patch has been released in cases where a flaw is under active attack.
Microsoft have their own patch management software and they often apply fixes to the Windows operating system as regularly as once a week. The practice is usual for large companies who may use a combination of software from different makers, and regular patching is essential for complete protection against vulnerabilities.
Microsoft, however, will have to save face somewhat, as their new Coordinated Vulnerability Disclosure policy will need to get rivals like Adobe and Google on board to fully protect the Windows ecosystem from attack. This could involve sharing software code and company secrets.
According to security news source H Online, Microsoft patched vulnerabilities in the Google Chrome and Opera browsers last year, but the company held back this information from the public until now.
Microsoft have always published the reasons for issuing patches for their own first-party software branches like Office and Explorer, after applying the fix.