MICROSOFT STATEMENT ON DATA DISCLOSURE TO U.S. GOVERNMENT

     (The following statement from Microsoft was received by e-mail. The sender 
verified the statement.)                                                         
Microsoft Corp. Statement on Software Data Disclosure to the U.S. Government 
Frank X. Shaw, a spokesman for Microsoft, said: 
Microsoft has several programs through which we disclose information 
regarding vulnerabilities, some of which have government participants. Prior to 
any fix being released to the 1 billion computers that receive automatic 
security updates each month, Microsoft communicates with program participants 
after our engineering cycle is completed to ensure delivery of the most current 
information. While timing varies slightly each month, disclosure takes place 
just prior to our security update for billions of customers. 
One example, is our Microsoft Active Protections Program (MAPP), which 
supplies Microsoft vulnerability information to security software partners 
prior to Microsoft's monthly security update release so partners can build 
enhanced customer protections. Another example of information disclosure, is 
through the Defensive Information Sharing Program (DISP), which is open to 
agencies, individual departments and ministries of national and local 
government that are also members of both the Government Security Program (GSP) 
and the Security Cooperation Program (SCP).  
Membership into the DISP program provides key technical information on 
security vulnerabilities prior to the security update being publiclly available 
in order to get an early start on the risk assessment & mitigation process for 
national assets. This allows members more time to prioritize creating and 
disseminating authoritative guidance for increasing network protections.
 
 
Press spacebar to pause and continue. Press esc to stop.