So today, instead of the normal first Thursday of the month heads up bulletin, the one that says how many security bulletins to expect and what type, they sent out an email saying that they are discontinuing it for everyone but their premier support customers.
So let’s review what actions Microsoft has done since they announced the closure of the Trustworthy computing group:
1. They stopped doing the MSRC monthly webcasts, the only method we have for getting public clarification of security patch questions.
2. They stopped posting the risk index post on the SRD blog.
3. They stopped posting the exploitability grid and recap video on the blog.
4. They increased the price tag of support cases from $259 per call to $499 a call. Now while I know that support calls for security patch issues are ultimately “comp’d” back, many a customer is not willing to play what I call the credit card game and open a case with the trust that they will get the fee comp’d back.
and now they “got feedback” from customers that we no longer need to have advanced warning of what security updates are to be released on the second Tuesday.
I am really unsure of what customers feel that patches released lately are of a level and quality that merely waiting until the information comes out on Tuesday is good enough to plan our patching schedules around.
If you are like me and feel that enough is enough and I’m a customer of Microsoft that deserves more respect than what I am getting, go social and email whatever Microsoft representative you have access to, and by all means take to Twitter or any other social site as you see fit to express your opinion on this matter.