At the Black Hat security conference this week, Microsoft released three new papers about software vulnerabilities:

  • Vulnerability Management at Microsoft whitepaper (July 2010)

Vulnerabilities are weaknesses in software that enable an attacker to compromise the integrity, availability, or confidentiality of that software.  Microsoft uses a process to investigate and release security updates that address vulnerabilities in the software it produces.

In this paper you’ll learn about this process and how Microsoft uses a multipronged approach to help its customers manage their risks. This approach includes three key elements:

(1) High-quality security updates - using world-class engineering practices to produce high-quality security updates that can be confidently deployed to over a billion diverse systems in the PC ecosystem and help customers minimize disruptions to their businesses.

(2) Community-based defense - Microsoft partners with many other parties when investigating potential vulnerabilities in Microsoft software. Microsoft looks to mitigate exploitation of vulnerabilities through the collaborative strength of the industry and through partners, public organizations, customers, and security researchers. This approach helps to minimize potential disruptions to Microsoft’s customers’ businesses.

(3) Comprehensive security response process - employing a comprehensive security response process that helps Microsoft effectively manage security incidents while providing the predictability and transparency that customers need in order to minimize disruptions to their businesses.

DOWNLOAD the free Vulnerability Management at Microsoft whitepaper (July 2010) now

  • MSRC Progress Report (July 2010)

Find out how three programs launched by the MSRC in August 2008 have helped customers, partners and third-party software developers improve the security of users of Microsoft software. The three programs - Microsoft Active Protections Program (MAPP), Microsoft Exploitability Index, and Microsoft Vulnerability Research (MSVR) - collectively share more information with partners and customers.

DOWNLOAD the free MSRC Progress Report (July 2010) now

  • The Microsoft Vulnerability Research Program (July 2010)

The Microsoft Vulnerability Research (MSVR) program, launched in 2008, leverages Microsoft knowledge and experience in securing software to help other software and hardware vendors deal with vulnerabilities reactively as well as develop proactive internal programs to improve the overall security of their products. This whitepaper explains how MSVR works with software and hardware vendors around the world and reports progress made to date.

DOWNLOAD the free Microsoft Vulnerability Research Program whitepaper now