Posted on 06/13/2018 7:59:38 AM PDT by dayglored
Draft document explains where Redmond thinks its responsibility ends
Microsofts published a draft Security Servicing Commitments for Windows in which it explains the bugs it will and wont fix.
The document (PDF) was revealed on June 12th and is intended for security researchers, to offer better clarity around the security features, boundaries and mitigations which exist in Windows and the servicing commitments which come with them.
We are primarily interested in feedback around our servicing policies and whether our criteria makes sense to you, the researcher, says Microsofts announcement of the draft.
Microsoft explains that it asks two questions when it learns of a bug:
If the answer to both questions is yes, then the vulnerability will be addressed through a security update that applies to all affected and supported offerings, the document explains, and Microsoft will deliver that update ASAP. If the answer to either question is no, then by default the vulnerability will be considered for the next version or release of an offering but will not be addressed through a security update, though in some cases an exception may be made.
The document also explains that it rates bugs on a five-step scale - Critical, Important, Moderate, Low, and None and that Microsoft only fixes Critical and Important flaws.
It also reveals that there are some issues for which Microsoft will pay out a bug bounty, but doesnt feel it needs to issue a rapid fix. One such category of flaws is a Data Execution Prevention mess in which An attacker cannot execute code from non-executable memory such as heaps and stacks.
The Register sometimes hears from security researchers who feel that Microsoft has not responded to bug reports with appropriate haste. This document and its eventual finalised successor should help to explain such incidents to researchers. Its also of interest to end-users because by explaining bugs that Microsoft wont rush to fix it offers some more detail about the risks that come with running Windows. ®
This (draft) document is merely an explanation of their rationale.
But it's rather interesting to see what they consider worth fixing, and NOT worth fixing.
They are not ‘flaws’, they are FEATURES!..........................
My cure for windows especially 8.1 is MacBook Pro
This Microsoft document should be of some interest to liability lawyers. A company is well-aware of a product defect, but decides not to fix this defect. The defect later causes a consumer a financial loss.
I suppose buried somewhere in the software agreement is a clause absolving Microsoft of any such liability. But to deliberately ignore a known flaw, I don’t know if such a clause would hold water.
(I hope not as Bill Gates and Friends...not my favorite people.)
Well, from the article:
The document also explains that it rates bugs on a five-step scale - Critical, Important, Moderate, Low, and None and that Microsoft only fixes Critical and Important flaws.
“My cure for windows especially 8.1 is MacBook Pro “
cures windows 10 even better ...
Hmm...so what happens when a known, but ignored, “Moderate” flaw causes some consumer a large financial loss? It would seem to me that the consumer should be able to sue Microsoft for negligence.
Windows 10 is a bug.
I’m guessing the Terms of Service covers that.
I haven’t had a lot of problems with it.....with it......witrh it......woiejdal it,,,..,.lpe..e......
Now, THAT’S funny!
Windows 10 is a bug.
*********
I lost almost a week with limited usefulness after the last big update “creators” ,, still haven’t cured my audio bug (lost front headphone out).
Reading the EULA (End Users License Agreement) for nearly -any- modern software is an enlightening experience. It's not just Microsoft -- practically all of them have astonishing limitations and restrictions on what you can do, and what you can successfully complain about.
The open source licenses (GPL, BSD) are more up-front by far, but their message is basically: "Best of luck, Bucko! Hope it works for you."
"The large print giveth and the small print taketh away."
-- Tom Waits, "Step Right Up", Small Change (1976).
Thats ‘zakly what I was gonna write!
I’ve been in the software industry for quite some time and I can tell you in all honesty that Apple probably has a similar policy.
I worked on Win95 with development at MS.
We released with 40,000 bugs. Obviously not ALL were very important.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.