(The following statement from Microsoft was received by e-mail. The sender
verified the statement.)
Microsoft Corp. Statement on Software Data Disclosure to the U.S. Government
Frank X. Shaw, a spokesman for Microsoft, said:
Microsoft has several programs through which we disclose information
regarding vulnerabilities, some of which have government participants. Prior to
any fix being released to the 1 billion computers that receive automatic
security updates each month, Microsoft communicates with program participants
after our engineering cycle is completed to ensure delivery of the most current
information. While timing varies slightly each month, disclosure takes place
just prior to our security update for billions of customers.
One example, is our Microsoft Active Protections Program (MAPP), which
supplies Microsoft vulnerability information to security software partners
prior to Microsoft's monthly security update release so partners can build
enhanced customer protections. Another example of information disclosure, is
through the Defensive Information Sharing Program (DISP), which is open to
agencies, individual departments and ministries of national and local
government that are also members of both the Government Security Program (GSP)
and the Security Cooperation Program (SCP).
Membership into the DISP program provides key technical information on
security vulnerabilities prior to the security update being publiclly available
in order to get an early start on the risk assessment & mitigation process for
national assets. This allows members more time to prioritize creating and
disseminating authoritative guidance for increasing network protections.
Press spacebar to pause and continue. Press esc to stop.