Improvements to Microsoft Security Reponse Communications

Steve Lipner, Director of Security Assurance at Microsoft, posted a message to the Security Notification mailing list about some new changes in the communications practices that the Microsoft Security Response Center is making.

“Customer feedback tells us that, while technical professionals value our security bulletins, many end-users find them overly detailed and confusing. In addition, end-users who subscribe to the Microsoft Security Notification Service receive bulletins that are of interest only to developers or system administrators.” – Mr. Lipner said.

For providing better information to their customers, for each issue, a less technical end-user security bulletin will be created and placed within Microsoft Security web site.

Another change will consider the Security Bulletin Severity Ratings, which are according to subscribers, “failing to clearly identify the most serious issues”. Microsoft modified the Severity Rating criteria to better fit the needs of its subscribers.