MICROSOFT STATEMENT ON DATA DISCLOSURE TO U.S. GOVERNMENT
(The following statement from Microsoft was received by e-mail. The sender verified the statement.)
Microsoft Corp. Statement on Software Data Disclosure to the U.S. Government
Frank X. Shaw, a spokesman for Microsoft, said:
Microsoft has several programs through which we disclose information regarding vulnerabilities, some of which have government participants. Prior to any fix being released to the 1 billion computers that receive automatic security updates each month, Microsoft communicates with program participants after our engineering cycle is completed to ensure delivery of the most current information. While timing varies slightly each month, disclosure takes place just prior to our security update for billions of customers.
One example is our Microsoft Active Protections Program (MAPP), which supplies Microsoft vulnerability information to security software partners prior to Microsoft's monthly security update release so partners can build enhanced customer protections. Another example of information disclosure is through the Defensive Information Sharing Program (DISP), which is open to agencies, individual departments and ministries of national and local government that are also members of both the Government Security Program (GSP) and the Security Cooperation Program (SCP).
Membership into the DISP program provides key technical information on security vulnerabilities prior to the security update being publicly available in order to get an early start on the risk assessment & mitigation process for national assets. This allows members more time to prioritize creating and disseminating authoritative guidance for increasing network protections.