BLACK HAT: Microsoft to work with third parties over vulns

Microsoft announced Thursday that it plans to work with third-party software providers to find and fix security vulnerabilities.

The Microsoft Vulnerability Research (MSVR) program, announced at the Black Hat conference in Las Vegas, will analyze software bugs in third-party products -- for example, Adobe Reader -- that are commonly used by Windows customers.

"While the source of the vulnerabilities will usually come from original research at Microsoft, the program will also handle third-party vulnerability coordination for blended threats reported to us by responsible researchers," Kate Moussouris, a Microsoft security strategist, wrote in a blog post.

In the past, Microsoft discovered third-party bugs more or less by chance, but now the company plans to look specifically for flawed software, she said.

"The MSVR program will formalize the company's responsible disclosure efforts of working directly with affected vendors, confidentially providing them specific vulnerability information and helping them to create updates," Moussouris said.

Andrew Storms, director of security operations at network security firm nCircle, told SCMagazineUS.com at the show that the program makes sense, considering that many researchers mistakenly report bugs found in third-party applications to Microsoft because the exploit vector is often a Windows component, such as Internet Explorer.

The news follows two other announcements from Microsoft aimed at helping end-users more effectively patch their systems.