NewsDude
08-05-2008, 10:00 PM
Microsoft plans to share early information about its monthly Patch Tuesday updates with security software providers, partners, customers and public organizations.
Announced at this week's Black Hat security conference in Las Vegas, Microsoft's push to thwart exploitation of its software bugs is intended to improve the security ecosystem, said Andrew Cushman, director of security response and outreach at Microsoft.
"In the race between exploit and protection, Microsoft is committed to shifting the advantage to the security industry," Cushman said. "The introduction of these new programs helps address evolving online threats and provides more practical guidance to assess and manage risk." Community-Based Defense
Microsoft admits its monthly security updates are often followed -- sometimes within hours -- by the release of targeted exploit code. This means many customers often don't have time to test and successfully deploy patches -- but that will change, the software giant said.
Under the new Microsoft Active Protections Program (MAPP), members will have advance access to information about the specific vulnerabilities that each security update is intended to address. "Think of it as community-based defense, where we commit our skills and strengths to defend beyond our boundaries to protect our common customers," Cushman said.
By receiving vulnerability information earlier, Cushman added, software security vendors will be able to give their customers quicker access to improved protection features, such as intrusion-prevention systems or security software signatures.
"The industry is reaching a point where delivering an acceptable level of security today is beyond what one company can do alone," Cushman said. "It's time that we approached this problem collectively." Patch Prioritization
Microsoft also intends to launch a new Exploitability Index that will provide the PC industry with additional guidance about the likelihood of code being developed to exploit the bugs addressed by Microsoft's monthly security update. Under the new index, the most attractive...
More... (http://www.toptechnews.com/story.xhtml?story_id=61156)
Announced at this week's Black Hat security conference in Las Vegas, Microsoft's push to thwart exploitation of its software bugs is intended to improve the security ecosystem, said Andrew Cushman, director of security response and outreach at Microsoft.
"In the race between exploit and protection, Microsoft is committed to shifting the advantage to the security industry," Cushman said. "The introduction of these new programs helps address evolving online threats and provides more practical guidance to assess and manage risk." Community-Based Defense
Microsoft admits its monthly security updates are often followed -- sometimes within hours -- by the release of targeted exploit code. This means many customers often don't have time to test and successfully deploy patches -- but that will change, the software giant said.
Under the new Microsoft Active Protections Program (MAPP), members will have advance access to information about the specific vulnerabilities that each security update is intended to address. "Think of it as community-based defense, where we commit our skills and strengths to defend beyond our boundaries to protect our common customers," Cushman said.
By receiving vulnerability information earlier, Cushman added, software security vendors will be able to give their customers quicker access to improved protection features, such as intrusion-prevention systems or security software signatures.
"The industry is reaching a point where delivering an acceptable level of security today is beyond what one company can do alone," Cushman said. "It's time that we approached this problem collectively." Patch Prioritization
Microsoft also intends to launch a new Exploitability Index that will provide the PC industry with additional guidance about the likelihood of code being developed to exploit the bugs addressed by Microsoft's monthly security update. Under the new index, the most attractive...
More... (http://www.toptechnews.com/story.xhtml?story_id=61156)