Microsoft Spurned Researcher Collective swings into action

Security researchers have started an anti-Microsoft club, promising full disclosure of any vulnerabilities.

Microsoft Spurned Researcher Collective swings into action

The Microsoft-Spurned Researcher Collective – which is a spin on Microsoft’s Security Response Centre – are angry at the software giant’s “hostility” to external researchers, notably Tavis Ormandy, the Google-employed researcher who released the details of a Windows Support flaw days after warning Microsoft about it.

“Due to hostility toward security researchers, the most recent example being of Tavis Ormandy, a number of us from the industry (and some not from the industry) have come together to form MSRC: the Microsoft-Spurned Researcher Collective,” the group said in a post on a disclosure website. “MSRC will fully disclose vulnerability information discovered in our free time, free from retaliation against us or any inferred employer.”

Listing off a flaw in Server 2008 and Vista, the MSRC group said it wasn’t able to offer a fix, advising users to look to Microsoft for a solution, cheekily telling them to find the security registry key and change “the ‘OurJob’ boolean value to FALSE.”

The group said it was looking for members, but warned Microsoft against trying to infiltrate it. “We do have a vetting process by the way, for any Microsoft employees trying to join.”

Microsoft has yet to return request for comment, but disclosing security flaws before firms have a chance to deal with them is seen by many in the security world as irresponsible.

Disclaimer: Some pages on this site may include an affiliate link. This does not effect our editorial in any way.

Todays Highlights
How to See Google Search History
how to download photos from google photos