Over the last few years, often when I met customers I asked them several question:
- Are you happy with our monthly Security Update rhythm?
- How do you see the quality of the Security Updates?
- Any feedback to the Security Bulletins?
Often, the feedback was pretty similar: Monthly is ok, the quality of the updates is more than ok (some medium customers decided not to test them anymore but deploy and then fix if anything went wrong - less effort to be spent) and I often got some feedback to the Bulletins.
Often I got reactions on the Advanced Notification as the customers wanted more details. This is always a delicate balance as we do not want to "0-day" ourselves by disclosing too much information to the criminals but giving our customers enough information to plan for the following Tuesday.
We now took all your feedback and tried to integrate the received feedback and changed both: The Advanced Notification and the Security Bulletins. You can find the details here: http://blogs.technet.com/msrc/