Fuel for those following the full disclosure vs. no-disclosure debate started by Microsoft recently. "Microsoft has admitted that it knew about a security hole in Internet Explorer (IE) a full week before it accused a security firm of acting irresponsibly for publicly disclosing details of the exploit.

Microsoft has retracted its earlier claim that the first it heard of the exploit was on 8 November -- the date of the public disclosure -- and now admits that it was actually notified a week earlier, on 1 November. Microsoft insists that two weeks were needed to investigate the alert properly, and maintains that no security breaches occurred through the delay.

"We are obviously not going to respond instantly--we have to sieve the wheat from the chaff to determine how reliable the vulnerability warning is," said Neil Laver, Windows product marketing manager for Microsoft. "Until we can investigate the issue, we are not going to issue a bulletin, as that would create a crying wolf situation."

The link for this article located at ZDNet is no longer available.