When Microsoft decides to make changes in the way it disseminates important information to customers – particularly when that information was a trusted source for security – customers get angry. Such is the case with Microsoft’s recent changes to how it distributes security update information.
In November of last year, Microsoft announced that it would end how it distributed security patch information. The company said that it would stop using the old format and would migrate to the new Security Updates Guide which is located here: https://portal.msrc.microsoft.com/en-us/security-guidance
Many in the customer community have complained about this change. Some have started to petition the software company to bring back the old ways of supplying information.
If a recent announcement is any indicator, Microsoft will probably not go back to the old ways, but instead try to appease customers by integrating customer complaint into the new system. In “Taking your feedback on the Security Update Guide,” Simon Pope, Security Group Manager with the Microsoft Security Response Center gives a short list of enhancements that are rolling out to the Security Update Guide this month:
- Fixed a few bugs in translations and data population
- Improved the experience of using advisories, such as adding unique identifiers
- Restored the links to the MITRE site for CVE details
Additionally, Simon says…
Today, you can consume Security Update Guide data in two ways: via the API with the industry-standard CVRF feed, and through the dashboard.
We’ll have to see if this enough to appease the angry, pitchfork wielding mobs.
Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in San Francisco in 2017!