microsoft-building99In the realm of tech companies cooperating with the US government, it seems that when it rains, it pours.

Following revelations about Verizon giving phone data to the NSA and the NSA’s wide-reaching data collection operation, the floodgates of anonymous government sources have been opened. Almost every day there’s some new revelation about how a major tech company was working with the US government without the knowledge of users.

Microsoft is back on that list. Bloomberg News reported overnight that the company is giving the government information about security flaws in its products before releasing public fixes for them.

A Microsoft spokesman told Bloomberg that such practices are used to give the government a head start on risk management. In other words, it’s a way of giving the US a means of defending against zero-day exploits — online attacks against unpatched vulnerabilities.

But as it turns out, that knowledge may not only be used for defense. According to Bloomberg’s anonymous sources, the advance knowledge has “allowed the U.S. to exploit vulnerabilities in software sold to foreign governments.”

What do you think? Is Microsoft right to disclose vulnerabilities to the government, even if that means they’re then used to spy on others?

Previously on GeekWire: Microsoft wants government to provide more transparency for security requests

Comments

  • John Vanderslice

    I was right all along!

    “Backdoors
    Passwords galore

    Only the hackers
    Only the Feds know!”

    –John Vanderslice

  • Mike_Acker

    how long have we been playing Whac-a-Mole at Camp MSFT ?

    “as soon as one door closes” — another one will open. Where was this stuff written,– somplace along “One Infinite Loop” ?

    consider Linux, — Ubuntu or Mint. I’m coming up on the 1 year anniversary of my Liberation

    • guest

      Ubuntu and Mint likely don’t need you to shill for them. There’s also no particular reason to think they don’t proactively advise Governments of vulnerabilities in their products too. Or are you stupid enough to think they don’t have any?

  • guest

    Right, because the US Government doesn’t employ people fully capable of finding and exploiting loopholes in software without the vendors advising them.

Job Listings on GeekWork