Adobe / Microsoft to team up on Vulnerability Sharing

This sounds helpful … but too bad it won’t actually happen until 2012.

Microsoft has announced that it’s to extend it’s Microsoft Active Protections Program (MAPP) to include vulnerability sharing information from Adobe.

The programme, launched in October 2008 allows sharing of information about security vulnerabilities with security software vendors.  So far 65 companies have signed up to the scheme.

In a statement, Microsoft said…

“Adobe products are relied on by individuals and organizations worldwide. Given the relative ubiquity and cross-platform reach of many of our products, as well as the continued shifts in the threat landscape, Adobe has attracted increasing attention from attackers,” said Brad Arkin, senior director of product security and privacy at Adobe. “We are committed to our customers’ security at every level and are excited to leverage MAPP as an important part of our overall product security initiative. MAPP is a great example of a tried and proven model giving an upper hand to a network of global defenders who all rally behind a shared purpose — protecting our mutual customers.”

“Microsoft acknowledges that the constantly changing threat landscape requires a new approach to security — collaboration and shared responsibility are key as past individual efforts are no longer enough,” said Mike Reavey, director of the Microsoft Security Response Center at Microsoft. “We’re excited about extending the benefits of MAPP to Adobe users as we’ve seen clear evidence of its impact in advancing customer protections. We continue to encourage the collective industry — from security researchers and vendors to customers— to recognize the responsibility we all share in fortifying the broader computing ecosystem against online crime.”

The PC ecosystem is so complex these days that closer co-operation between software and security vendors is essential to help maintain stability and consumer confidence.  While many people will directly blame Microsoft for having insecure software, most trained observers will point out that it’s just not that simple, as the recent security scares for Adobe’s Flash and Acrobat software proved.

Microsoft took the opportunity to call on the “broader community” from security researchers to vendors, to all move more towards a co-ordinated disclosure.

With luck, this move will also finally allow third-party vendors to release their patches through Windows Update with the forthcoming Windows 8 in 2012.

© Mike Halsey for gHacks Technology News, 2010. | Permalink | Add to, digg, facebook, reddit, twitter
Post tags: , , , ,

Link to Original Content

Western Telematic, Inc. (WTI) designs and manufactures Serial Console Server products and Rack Mount PDU products to simplify remote management of rack mount network equipment.

Tags: , , ,

Comments are closed.