
5. October 2010 05:14
by clinton
1088 Comments

Microsoft's Framework Vulnerability - What's scarier, the hole or the public response?


 



Microsoft’s recently revealed security flaw in its .NET Framework was publicly announced on Scott Guthrie’s blog a few weeks ago. Scott Gu is disputably the most respected voice in the Microsoft developer community. His very plain blog is a testament to his influence; in an industry that values quality information, the community of developers following him is a true testament.

 
When I awoke the morning of the 18th here in Australia, I received Scott’s tweet on the vulnerability. At first I wasn’t too fussed; Microsoft is notoriously full of security holes and this one would need a fair amount of traffic in order to pull off. It’s the vulnerabilities that aren’t posted that scare me.


Arrival at work wasn’t what I had expected. The dev team were all aflutter with the issue, and that’s when I realized the severity of the vulnerability: not the risk of it occurring before a release patch, but how public this announcement would be. Before I knew it I had clients asking, management asking and every developer discussing the mitigation strategy.

The mitigation strategy was relatively easy to implement, unless you have a client with over 130 web.config files (a whole post in itself).
Buzz was allayed and workarounds were implemented, but I still couldn’t shake the feeling of panic that was around me.

Nowadays I’m not too sure which is better or worse: a massive framework vulnerability disseminated to every Tom, Sue and Harry on the internet, or the undisclosed, equally devastating vulnerability that MS are patching before announcing...

 
