

MSRC: Microsoft-Spurned Researcher Collective releases 0-day - fname
http://seclists.org/fulldisclosure/2010/Jul/3

======
TallGuyShort
I've never heard of this before, so forgive me if I'm restating the obvious,
but this appears to be getting in the face of Microsoft's MSRC:
<http://www.microsoft.com/security/msrc/> (Microsoft Security Response
Center).

edit: Does anyone know more about the hostility they're referring to and what
their objectives are? Presumably Microsoft was being less-than-cooperative?

~~~
fname
_Does anyone know more about the hostility they're referring to and what their
objectives are? Presumably Microsoft was being less-than-cooperative?_

Yes, the posting refers to Tavis Ormandy, a Google security researcher, who
released his advisory after 5 days of initial communication with Microsoft.
The story is he wasn't happy with the timetable that Microsoft would resovle
the issue in. The story got bigger as it seemed to pit Google vs. Microsoft.

more: <http://news.ycombinator.com/item?id=1421980>

~~~
btilly
The later discussion at <http://news.ycombinator.com/item?id=1434461> has even
more information, including the following quote from taviso's twitter: _I'm
getting pretty tired of all the "5 days" hate mail. Those five days were spent
trying to negotiate a fix within 60 days._

