14 DAY TRIAL // Microsoft has stepped up its security vulnerability research and defense, making available a new online hotspot designed to offer a "deep" insight into the threats associated with the company's software products. Deep and not quite. Jonathan Ness, the head of the Microsoft SWI Defense team of software security engineers, revealed that IT professionals and security researchers would be able to access information related to security vulnerabilities, as well as the necessary mitigations and workarounds to dodge exploits, but also data about active attacks, along with extended guidance. At the same time, the Redmond company will attempt to divulge as little information as possible. The contradiction comes as Microsoft has to protect the end users from the risks associated with reverse engineering.
"The Security Vulnerability Research & Defense blog's intent is to provide more information about Microsoft vulnerabilities, mitigations and workarounds, and active attacks. During Microsoft's technical investigation of security issues, information is discovered that we feel is important to share", the company explained.
Microsoft plans to use the blog in order to address various security issues. Users will be able to get their hands on complex workarounds designed for specific scenarios, but also to access extensive information about how to remain protected, even in the absence of a patch. The Redmond company also plans to make available mitigations set up to address security vulnerabilities until updates are made available. On top of these, the site will also bring to the table guidance and even debugging techniques.
"We are excited to have this outlet to share more in-depth technical information about vulnerabilities serviced by MSRC security updates and ways you can protect your organization from security vulnerabilities. During our vulnerability research, we discover a lot of interesting technical information. We're going to share as much of that information as possible here because we believe that helping you understand vulnerabilities, workarounds, and mitigations will help you more effectively secure your organization", reads a message posted on the Security Vulnerability Research & Defense blog.