Analyst Report
SDL Series - Article #6: Microsoft's Security Response
Published: 2/16/2009
In the sixth article in the series, we examine how Microsoft's Security Response Center reaches out to security researchers and responds to vulnerability reports.

Summary
Every vendor must plan a robust security response to use after products are released. In this article, you will see how Microsoft fixes vulnerabilities after release, and works with security researchers to learn the state of the art attacks.
Included in this document
  • Identifying Vulnerabilities
  • Developing Updates
  • Update All Versions, on a Set Schedule
  • Feedback into the SDL
  • Improving the Ecosystem
  • Emergency Response
  • Working with Security Researchers
  • Responsible Disclosure