cvd

About this tag
Coordinated Vulnerability Disclosure (CVD) is a security philosophy that emphasizes collaboration between vendors, researchers, and customers to resolve vulnerabilities with minimal risk. Microsoft has adopted CVD, shifting from the term 'responsible disclosure' to highlight the need for coordination. The approach involves privately disclosing vulnerabilities to the vendor, allowing time for a patch before public release. Microsoft's CVD practices include security advisories, such as the update for the Microsoft Malware Protection Engine addressing a denial-of-service vulnerability, and regular bulletin releases like the April 2011 update covering 64 vulnerabilities. The goal is to protect customers from cyberattacks by ensuring timely and coordinated responses to security issues.
  1. News

    A Call for Better Coordinated Vulnerability Disclosure

    For years our customers have been in the trenches against cyberattacks in an increasingly complex digital landscape. We’ve been there with you, as have others. And we aren’t going anywhere. Forces often seek to undermine and disrupt technology and people, attempting to weaken the very devices...
  2. News

    Microsoft releases Security Advisory 2974294

    Today, we released Security Advisory 2974294 to inform global customers about an update for the Microsoft Malware Protection Engine. This update addresses a privately disclosed issue and fixes a vulnerability that could allow a denial of service if the Microsoft Malware Protection Engine scans a...
  3. News

    Coordinated Vulnerability Disclosure: From Philosophy to Practice

    Last summer at the Black Hat security conference, we announced a philosophical shift in how we refer to vulnerability disclosure, called "Coordinated Vulnerability Disclosure" (CVD). Our intent was to focus on how coordination and collaboration are required to resolve security issues in a way...
  4. News

    April 2011 Security Bulletin Release

    Hello again everyone, Pete Voss here, and as I previously mentioned in the Advanced Notification blog on Thursday, today we are releasing 17 security bulletins, nine of which are Critical, and eight rated Important. These bulletins will increase protection by addressing 64 unique...
  5. News

    Announcing Coordinated Vulnerability Disclosure

    Today, Microsoft is announcing a shift in philosophy on how we approach the topic of vulnerability disclosure, reframing the practice of "Responsible Disclosure" to "Coordinated Vulnerability Disclosure." In recognition of the endless debate between responsible disclosure and full disclosure...
Back
Top