
Microsoft To Give Early Warning On Security

By Kevin McLaughlin, CRN
August 05, 2008    6:35 PM ET

In a major shift in its security strategy, Microsoft says it plans to give security software makers an early look at technical details of security vulnerabilities before it releases updates on Patch Tuesday each month.

Microsoft announced the initiative, called the Microsoft Active Protections Program (MAPP), Tuesday at the Black Hat security conference in Las Vegas.

In a Tuesday post to the newly established Microsoft Security Response Center blog, MSRC senior program manager Steve Adegbite explained that the goal of MAPP is to give security vendors more breathing room to produce signatures.

"Basically, in doing this, we're betting that cutting out the time to reverse engineer our security updates will give valuable time back to the defenders to focus on protection enhancement and faster delivery," Adegbite wrote.

Microsoft has also established what it calls an Exploitability Index, which will be part of the Patch Tuesday release and will help customers gauge the likelihood that exploits will be developed for the vulnerabilities addressed by Microsoft security updates, according to Adegbite.

Greg Hanchin, a principal at Denver-based security solution provider DirSec, says Microsoft has improved its security efforts in recent years because it has been listening more to the security community.

"How do you take millions of lines of code and make it perfect? It's hard. Microsoft may be slow to change, but once they do, things do improve," Hanchin said.

The predictability of Microsoft's Patch Tuesday release has steadily cut into the lead time from the announcement of a vulnerability to the release of exploit code, and Microsoft believes the MAPP program will help reverse this trend.

"It's not enough to point the finger at one entity and say 'Fix it.' Those of us who belong to the security ecosystem must own the problem, and share in the solution," Adegbite wrote.

