Computerworld: An anonymous group of security researchers has disclosed details about a new bug in Windows Vista and Windows Server 2008. But what is more interesting than the fact that Windows has another security flaw is the way the group has organized itself.
The group calls itself the "Microsoft-Spurned Researcher Collective" or "MRSC"--a pun on the Microsoft Security Response Center or MRSC, which is responsible for investigating vulnerabilities in Microsoft software. The group also took Microsoft to task for its treatment of Tavis Ormandy, another researcher who made a bug public last month. They pledge to "fully disclose vulnerability information discovered in our free time, free from retaliation against us or any inferred employer."
Microsoft says it is investigating the bug uncovered by MRSC but that the vulnerability isn't significant enough to warrant a security advisory.