At the Black Hat USA 2008 conference today, Microsoft Corp. introduced security-related programs that share early information with partners to help them protect customers quickly and effectively. The new programs also provide additional information and guidance to help customers evaluate risks and prioritize the deployment of Microsoft security updates.
Along with the predictability of Microsoft’s monthly security update process is the emergence of an undesirable cycle — the release of exploit code, related to those updates, sometimes within hours of release. Understanding this changing threat environment, Microsoft will offer the Microsoft Active Protections Program (MAPP), which gives security software providers advance information about vulnerabilities addressed by Microsoft security updates. This will allow security software providers to offer protections to customers quickly and effectively.
In addition, as part of the company’s ongoing effort to improve its guidance for customers, Microsoft announced its new Exploitability Index. Developed based on customer feedback, the Exploitability Index will provide customers with guidance on the likelihood of functional exploits being developed for vulnerabilities addressed by Microsoft security updates. This additional information helps customers better assess their unique risks and better prioritize deployment of the monthly security update. The Exploitability Index will be included as part of Microsoft’s monthly security bulletin release.
Via this Microsoft press-release.