Adobe / Microsoft to team up on Vulnerability Sharing

Mike Halsey MVP
Jul 29, 2010
Updated • Dec 3, 2012

Microsoft has announced that it's to extend it's Microsoft Active Protections Program (MAPP) to include vulnerability sharing information from Adobe.

The programme, launched in October 2008 allows sharing of information about security vulnerabilities with security software vendors.  So far 65 companies have signed up to the scheme.

In a statement, Microsoft said...

“Adobe products are relied on by individuals and organizations worldwide. Given the relative ubiquity and cross-platform reach of many of our products, as well as the continued shifts in the threat landscape, Adobe has attracted increasing attention from attackers,” said Brad Arkin, senior director of product security and privacy at Adobe. “We are committed to our customers’ security at every level and are excited to leverage MAPP as an important part of our overall product security initiative. MAPP is a great example of a tried and proven model giving an upper hand to a network of global defenders who all rally behind a shared purpose — protecting our mutual customers.”

“Microsoft acknowledges that the constantly changing threat landscape requires a new approach to security — collaboration and shared responsibility are key as past individual efforts are no longer enough,” said Mike Reavey, director of the Microsoft Security Response Center at Microsoft. “We’re excited about extending the benefits of MAPP to Adobe users as we’ve seen clear evidence of its impact in advancing customer protections. We continue to encourage the collective industry — from security researchers and vendors to customers— to recognize the responsibility we all share in fortifying the broader computing ecosystem against online crime.”

The PC ecosystem is so complex these days that closer co-operation between software and security vendors is essential to help maintain stability and consumer confidence.  While many people will directly blame Microsoft for having insecure software, most trained observers will point out that it's just not that simple, as the recent security scares for Adobe's Flash and Acrobat software proved.

Microsoft took the opportunity to call on the "broader community" from security researchers to vendors, to all move more towards a co-ordinated disclosure.

With luck, this move will also finally allow third-party vendors to release their patches through Windows Update with the forthcoming Windows 8 in 2012.


Tutorials & Tips

Previous Post: «
Next Post: «


Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.