Earlier this week Microsoft announced that it would institute two pilot programs designed to distribute information on technical updates for the company’s product vulnerabilities before they are issued, in addition to advising on critical infrastructure security.
Microsoft will provide advanced technical information on upcoming product updates through its Defensive Information Sharing Program (DISP), which is provided to national government organizations that participate in the company’s current Government Security Program and Security Cooperation Program. The other pilot project – the Critical Infrastructure Partner Program – will provide these government entities with advice and strategies on protecting critical infrastructure.
Discussing the information sharing program in a blog posting, Steve Adegbite, a security program manager with the Microsoft Security Response Center, said: “We will provide this information after our investigative [and] remediation cycle is completed to ensure that DISP members are receiving the most current information.”
“While this process varies from issue to issue due to the complex nature of vulnerabilities, disclosure will happen just prior to our security update release cycles”, he added.