Today at the Black Hat USA 2010 conference, Microsoft announced that it will extend its Microsoft Active Protections Program (MAPP) to include vulnerability information sharing from Adobe Systems. Microsoft also discussed the new policy of coordinated vulnerability disclosure — a reframing of responsible disclosure — and introduced new tools and guidance that will improve online security for customers.
Launched in October 2008 by the Microsoft Security Response Center, MAPP is a unique collaborative effort that facilitates advanced information sharing on Microsoft product vulnerabilities with security software providers. In fall 2010, Adobe will join Microsoft and share its vulnerability information with the 65 global MAPP members, offering advanced protections to hundreds of millions of people.
“Adobe products are relied on by individuals and organizations worldwide. Given the relative ubiquity and cross-platform reach of many of our products, as well as the continued shifts in the threat landscape, Adobe has attracted increasing attention from attackers,” said Brad Arkin, senior director of product security and privacy at Adobe. “We are committed to our customers’ security at every level and are excited to leverage MAPP as an important part of our overall product security initiative. MAPP is a great example of a tried and proven model giving an upper hand to a network of global defenders who all rally behind a shared purpose — protecting our mutual customers.”
“Microsoft acknowledges that the constantly changing threat landscape requires a new approach to security — collaboration and shared responsibility are key as past individual efforts are no longer enough,” said Mike Reavey, director of the Microsoft Security Response Center at Microsoft.
As part of the plan, Microsoft will deploy the Enhanced Mitigation Experience Toolkit (EMET), is a free tool that brings newer security mitigations to older Microsoft platforms and applications, both third-party and line of business applications. The tool specifically helps block targeted attacks against unfixed vulnerabilities and will be available in August. Those interested can click here to watch an instructional video.