Microsoft Expands MAPP, Shares Attack Data With Incident Responders 18
Trailrunner7 writes "Microsoft is expanding its MAPP program that shares attack and protection information with other security vendors and will now be sharing some data with incident responders, as well. The new system will enable organizations such as CERTs and internal IR teams to exchange information on specific attacks and general threats. Now, Microsoft is expanding and changing the MAPP program so that more people will have access to some of the data and the information will be available earlier. Until now, MAPP members get access to patch data 24 hours before the release. Microsoft will be giving that information to MAPP companies three business days before Patch Tuesday going forward. The new MAPP for Responders program is an extension of the existing system and is designed to allow incident response teams to share information among themselves and to benefit from the threat intelligence that Microsoft has, as well."
Re:MAPP isn't nearly enough... (Score:4, Interesting)
The only thing slightly unreasonable to me is the "Are you willing to have your company name and URL displayed on our MAPP website?" question, but only because it has nothing to do with security and it probably the result of having to please the marketing department.
In the interest of public disclosure of *who* has access to advance information about vulnerabilities before they are patched, I actually find it highly relevant. I can see good coming from giving truly security minded companies a head start. But I would like to know *who* gets this head start.
A few years back a rogue Chinese security company (or just a rogue employee?) leaked proof-of-concept exploit code to Chinese hacker websites. The security company had received the PoC code from Microsoft as part of the MAPP program. The intention was that security companies (AV vendors) could use the PoC code to create heuristics/signatures to scan for exploit attempts.
Of course the spin on slashdot was that Microsoft had "leaked" exploit information. Go figure.
It is also in this light we have to view the "Microsoft shares vulnerability information with the fr***** NSA!!! OMG! Conspiracy!!!" debacle.
Problems with NSA overreaching notwithstanding, I for one believe that NSA should receive vulnerability information at about the same time as it is made public to the other MAPP partners. This news is just that similar agencies of other countries now will receive the information at the same time as NSA and other MAPP partners.
Which is 1-3 days in advance.