I noticed a bug in SymCrypt, the core library that handles all crypto on Windows. It's a DoS, but this means basically anything that does crypto in Windows can be deadlocked (s/mime, authenticode, ipsec, iis, everything). Microsoft committed to fixing it in 90 days, then didn't.
-
-
But you're working with vendors to make the Internet safer for all, so if the vendor, who has to do the work to fix it, says a deadline of 120 days, why not respect that, I honestly don't understand the inflexibility, certainly when dealing with this particular vendor
-
The policy is *highly* flexible, any number of days between 0 and 90 is acceptable. In addition, if an update or patch was already scheduled within 14 days of the deadline, we offer a "grace period" to align the schedule.
- 18 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.