I've never heard of this before, so forgive me if I'm restating the obvious, but this appears to be getting in the face of Microsoft's MSRC: http://www.microsoft.com/security/msrc/ (Microsoft Security Response Center).
edit: Does anyone know more about the hostility they're referring to and what their objectives are? Presumably Microsoft was being less-than-cooperative?
Does anyone know more about the hostility they're referring to and what their objectives are? Presumably Microsoft was being less-than-cooperative?
Yes, the posting refers to Tavis Ormandy, a Google security researcher, who released his advisory after 5 days of initial communication with Microsoft. The story is he wasn't happy with the timetable that Microsoft would resolve the issue in. The story got bigger as it seemed to pit Google vs. Microsoft.
The later discussion at http://news.ycombinator.com/item?id=1434461 has even more information, including the following quote from taviso's twitter: I'm getting pretty tired of all the "5 days" hate mail. Those five days were spent trying to negotiate a fix within 60 days.
The bigger picture is vendors can't impose rules on what security researchers do in their free time if they are not willing to pay for the bugs the researchers find and report. Hence the reference to the registry entry: "HKCU\Microsoft\Windows\CurrentVersion\Security and changing the "OurJob" boolean value to FALSE."