Microsoft's 'gagging' policy hits security sector hard

Companies outside 'elite' circle fear the worst ...
Written by Pia Heikkila, Contributor

Microsoft's attempt to stop security experts disclosing the details of hack attacks has raised concerns that prices for security products and services will soar. The Redmond behemoth made a deal with a group of security vendors last month to stop the open exchange of the code needed to patch up breached systems (see http://www.silicon.com/a49019).

Vendors excluded from this elite group now face the prospect of having to charge their customers more because researching vulnerabilities will become more costly for them now they have been left out in the cold.

Ofer Maor, senior consultant at security testing company Tescom, said: "Microsoft is unlikely to divulge the vulnerability information to the security community without a huge premium, which means most security vendors will have to do the expensive research themselves. The cost will be ultimately taken out of companies' IT budgets with price increases as the security vendors need to recoup the money spent on research somehow."

Dr Neil Barrett, CTO of security consultancy International Risk Management, said Microsoft is trying to corner the security market. "Microsoft will attempt to control access to vital information, which means they can sell it at any price they want to. To me that's a monopolistic situation," he said.

Microsoft claims this move is an effort to stop hackers exploiting security information, but the experts say the company is not helping the IT community in any way.

Maor said: "Microsoft does not understand that hackers don't get their [information] from security sites - they swap information amongst themselves. Microsoft is trying to disguise its own bad software, not help the security community."