Microsoft made the announcement on last Wednesday at the annual Black Hat conference in Las Vegas, the new security initiatives and tools which focus on partnership with other tech and security vendors helps identify threats and vulnerabilities more quickly. Adobe would be releasing advance vulnerability information to security vendors through Microsoft’s existing MAPP (Microsoft Active Protections Program).
1. About MAPP
The Microsoft Active Protections Program (MAPP) is a new program that will provide vulnerability information to security software providers in advance of Microsoft Corp.’s monthly security update release. Microsoft started this program in 2008. Members of MAPP receive security vulnerability information from the Microsoft Security Response Center (MSRC) in advance of Microsoft’s monthly security update.
When MAPP partners receive vulnerability information early, they can provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion prevention systems.
As of June 2010, there were 65 companies worldwide taking part in the Microsoft Active Protections Program (MAPP) for early access to the technology giant’s security updates.
2. Why Microsoft Created the MAPP
The amount of time between the release of a Microsoft security update and the release of exploit code for that update continues to shorten. The MAPP will provide security software providers with early access to vulnerability information.
Before this program, security software providers waited until the public release of a security update before building protections. By obtaining early access to this information, security software providers can deliver protection features to customers more quickly.
3. Why Adobe Joined MAPP
In fact, Adobe plans the disclosure to begin in the last quarter of the year.
Typically, whenever a major patch is released, hackers quickly begin to analyze the patch to see what flaws were fixed. They then rush to work out attacks that would exploit the vulnerability on unpatched products.
MAPP can improve security and minimizes the window of opportunity for attack once a patch is released by preemptively keeping all parties in the loop.
"We’re excited about extending the benefits of MAPP to Adobe users as we’ve seen clear evidence of its impact in advancing customer protections. We continue to encourage the collective industry–from security researchers to vendors to customers–to recognize the responsibility we all share in fortifying the broader computing ecosystem against online crime."
Mike Reavey, director of the Microsoft Security Response Center at Microsoft said.
Adobe’s Senior Director Brad Arkin, called MAPP "the gold standard" for sharing vulnerability information in a briefing on the partnership.
"As we look at the industry, we see this continued need for shared responsibility,"
said Microsoft Trustworthy Computing Group director Dave Forstrom.
"We must work together."
4. What Is The Result Of Adobe Joining MAPP
Microsoft defined objective and measureable membership criteria for participants in MAPP, including the following:
- Members must offer commercial protection features to Microsoft customers against network- or host-based attacks.
- Members must provide protection features to a large number of customers.
- Members may not sell attack-oriented tools.
- Protection features provided by members must detect, deter or defer attacks.
As a member, Adobe will share its software vulnerability information with the 65 members of the organisation worldwide.
Adobe will get to play with them to see that they do not break any aspects of its software while Microsoft’s monthly security patch releases.
In additional, it’s the first time that Microsoft has extended the MAPP program to cover another company’s products