From Microsoft Watch, by Mary Jo Foley: Is Microsoft’s Silent Treatment Appropriate for Patches? “Microsoft says it is withholding certain details on security vulnerabilities to protect customers from bad guys. But critics say Microsoft’s cone of security silence only increases the risk for everyone.”
An interesting article. It claims that Microsoft is keeping its bug count artificially low by silently slipstreaming multiple bug fixes into the patches and, worse, not disclosing the details even to its “trusted partners.” The bad guys know what’s patched. Why shouldn’t we? Shouldn’t “Trustworthy Computing” require more transparency than this?