Microsoft to give partners heads-up on security vulnerabilities

by admin August 5, 2008 at 4:56 pm

Microsoft will be giving companies that sell security software and services to its customers a sneak peek at the technical details of the vulnerabilities in Microsoft software before the company releases its monthly “Patch Tuesday” updates.

The new Microsoft Active Protections Program, set to be announced at the Black Hat security conference on Tuesday, is designed to give software vendors a change to prepare updates to their software before attackers have a chance to reverse engineer Microsoft’s security patch and create an exploit.

“It’s essentially a race between the attackers and the protectors,” said Andrew Cushman, who runs the Microsoft Security Response Center. The program will “give a head start to software providers delivering security features to our mutual customers.”

“It will save (vendors) the work of reverse engineering the patch and identifying where the vulnerability is and what triggers the exploitability,” he said.

Full story: