A day in the life of a Microsoft security patch
ZDNet | at | by Mike
According to MSRC security program manager Stephen Toulouse, the first step in the security response process is the point at which Microsoft is made aware of a vulnerability. "We receive vulnerability reports through a variety of channels," said Toulouse. In some cases, the MSRC is notified by security researchers and others through a widely publicized e-mail address. Some researchers have a direct line to a specific member of the MRSC team. Researchers are not compensated for their efforts, according to Toulouse. In addition to the researchers in the security community, Microsoft also has teams internally that find and report vulnerabilities to the MSRC.