Microsoft updates "coordinated" bug program

Microsoft has announced new components to its Coordinated Vulnerability Disclosure program, unveiled last summer to enhance transparency around the discovery, response and handling of security flaws.

Among the updates, announced Wednesday, Microsoft released a document that describes how Microsoft responds to bugs that researchers report to the software giant. The paper also chronicles the procedures Microsoft takes when it discovers a vulnerability in a third-party product, in addition to how it helps lead coordination if a vulnerability affects multiple vendors, so to minimize end-user harm.

Also as part of its Wednesday announcement, Microsoft, for the first time, released advisories related to bugs its research team has discovered in third-party products. The holes, already fixed, affected the Google Chrome and Opera browsers.

In the document, Microsoft explains how it goes about notifying and working with impacted vendors, such as Google or Opera. It begins by reporting the issue to the vendor and asking for periodic updates, for example, an estimate for when a patch will be ready.

Read more -here-

• ChatGPT can now handle reminders and to-dos
• T-Mobile to acquire digital advertising leader Vistar Media for $600M
• Netgear expands WiFi 7 home networking portfolio with Orbi 870 series mesh system
• Swippitt debuts phone charging hub with automated battery swapper
• TP-Link introduces new Wi-Fi 7 routers and mesh systems at CES 2024
• Meta is ditching third-party fact checkers on Facebook, Instagram