- Nokia's new N97 vs. the iPhone
- Talk-powered cell phones?
- FBI: Copper thieves jeopardize U.S. infrastructure
- 10 Microsoft research projects
- Smartphone smackdown: Storm vs. iPhone
Microsoft's security team will help third-party developers of Windows applications and add-ons find and fix bugs in their software, the company said Thursday.
The program, dubbed Microsoft Vulnerability Research (MSVR), is a formalization of things the company currently does, not a brand-new initiative, said Andrew Cushman, the company's director of security response and outreach, from the Black Hat security conference.
"This is work we're already doing," he said. "We'll report vulnerabilities we find in third-party software and we'll work with them to identify, resolve and mitigate those vulnerabilities."
Microsoft has, at times, gone public with work it's done in collaboration with other software vendors. One of the most recent examples was in May and June, when Microsoft worked with Apple Inc. on flaws in both its own Internet Explorer browser and Apple's Safari. Then, however, Microsoft took shots at its rival, telling users in one of its security advisories that they should stop using Apple's browser until it was fixed.
Earlier this year, Microsoft helped out Yahoo Inc. by issuing a "kill bit" update through its Windows Update service that disabled a buggy ActiveX control installed by Yahoo on PCs that played tunes purchased from its now-defunct online music store.
According to Cushman, Microsoft's security researchers will report bugs they find during their work to third-party developers, and coordinate their work to make sure that details of those vulnerabilities don't go public before a patch is in place. He also said Microsoft would help those third-party companies in other ways, but was somewhat vague about the extent of that help.
When asked if Microsoft would lend its Windows Update service to pushing third-party updates to Windows users, for example, he hesitated for several seconds before answering: "That's a hard question. We're always looking to provide the best experience for our customers, so we'll examine all aspects, including vulnerability identification, other mitigations and as a final link, detection and deployment.
"But I can't say we would use Windows Update."
Microsoft won't issue security advisories for third party software as it does for its own programs, said Cushman. Instead, according to a follow-up fact sheet that the company's public relations firm provided, outside vendors will be given "the necessary information and assistance to develop an update to address the vulnerability."
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment