Microsoft to officially share with Windows third-party app vendors flaws it finds in their software
August 8, 2008
LAS VEGAS – Black Hat USA – Microsoft yesterday launched a program to help third-party Windows application vendors fix security flaws in their software. Under the new Microsoft Vulnerability Research (MSVR) program, Microsoft will share with those vendors vulnerabilities discovered by Microsoft researchers or outside researchers in these third-party products.
“We are extending security [research and resolution] to the Windows ecosystem,” says Mike Reavey, group manager for the Microsoft Security Response Center. “We wanted to formalize how we report to these vendors to share and leverage” Microsoft’s security resources.
The program reflects the shift in attack trends, with more exploits going after these third-party Windows apps, he says: Over 80 percent of exploits affecting XP systems are against third-party Windows apps, and over 90 percent affecting Vista systems are aimed at third-party Windows apps, according to Reavey. Microsoft’s security experts find these vulnerabilities in third-party apps while working on their own research, or during the Security Development Lifecycle process.
Reavey says a good example of how the MSVR process would work is the recent Apple Safari and Windows blended threat, which was initially discovered by an outside researcher who reported it to Microsoft: “We were able to work with Apple” to resolve it. With MSVR, when Microsoft finds a vulnerability in a third-party application, it would officially report it to the affected vendor and then help the vendor resolve it.