Microsoft's brotherhood of silence

Security professionals have hit back at Microsoft following the software giant's call to the IT community to take a vow of silence over hack attacks and other security issues.

Microsoft recently published an essay, on its TechNet support site, entitled The end to Information anarchy, which condemned security professionals for openly discussing hacker exploits. The paper, written by Scott Culp, manager of the Microsoft response centre, urges the community to be more cautious when discussing the vulnerabilities.

"It's high-time the security community stopped providing blueprints for building these weapons," Culp wrote. "And it's high-time computer users insisted that the security community live-up to its obligation to protect them.

"The relationship between information anarchy and the recent spate of worms is undeniable. Every one of these worms exploited vulnerabilities for which step by step exploit instructions had been widely published and using the same techniques as were published."

But Microsoft's views have outraged the security community, which is calling for an end to the finger pointing culture.

Andy Strong, VP of global IT security at investment bank Dresdner Kleinwort Wasserstein, said: "Microsoft's aim to generate general discussion has completely backfired. They are obviously looking for someone to blame, which has deeply upset the security community. Security professionals look for support from software vendors, not naming and shaming," he said.

Jean-Luc Giaud, security consultant at smart card maker Gemplus, said: "Users are concerned about security and it would be best if everyone tried to help one another to fight against the culprits rather than digging for scapegoats," he said.