One of the biggest problems about being a huge, multinational software company with bunches of programs is that you're a huge, multinational software company with bunches of programs. Not everything can get fixed, particularly the same day...and with Internet Explorer being the world's most-used browser, that can lead to some real issues. Enter ZERT - the Zeroday Emergency Response Team
, here to fix your most dangerous security threats.
Of course, there's one fly in this ointment - ZERT doesn't have the slightest thing to do with Microsoft
. The group was born out of a desire to help temporarily patch some of the biggest, most dangerous holes until Microsoft can get around to fixing them. Oddly, despite the noble intentions, much of the group remains anonymous.
The members who are known are a veritable "Who's Who?" of security and decompiling - Sabre Security CEO Halvar Flake, Internet Software Consortium founder Paul Vixie, former Virus Bulletin editor Nick FitzGerald, Cisco IOS pro Hank Nussbacher, and last (but certainly not least) Ilfak Guilfanov - the author of one of the world's best decompilers, IDA Pro.
Those of us familiar in the world of reverse engineering will at least recognize a couple of those names, particularly Guilfanov. Others of them are rather new to the "scene," so to speak, but certainly seem to carry their weight with titles. But even with all the names, would IT members actually use patches that are not MS sanctioned? The group intends them to be 'temporary' fixes until Microsoft gets to repairing the bugs, but it certainly is enough to make one uneasy. The target market of these ZERT patches is the same group that has so much to lose if they end up being more poison than panacea.
Would you use a patch provided by a third party? What about one with so much security clout behind it? Let us know your thoughts in our forums