In August 2008, the Microsoft Security Response Center announced three security-related programs – (1) Microsoft Active Protections Program (MAPP); (2) Microsoft Exploitability Index, and; (3) Microsoft Vulnerability Research (MSVR) – that would collectively share more information with partners and customers.
With these programs, customers have increased access to more effective countermeasures and additional information to better evaluate risks.
Microsoft Security Response Center has just released a report which highlights the progress of the three programs.
The Microsoft Active Protections Program (MAPP), the Microsoft Exploitability Index, and Microsoft Vulnerability Research (MSVR) are the three strategic initiatives launched and managed by the MSRC; which also works to identify, monitor, resolve, and respond to security incidents and Microsoft software security vulnerabilities.
The illustration below shows the interrelation among these programs and how all the programs help to better protect customers.
The Microsoft Active Protections Program involves security partners in a bilateral communication with Microsoft, whereby partners receive vulnerability information prior to Microsoft’s security update release cycle so they can build enhanced customer software protections; in turn, partners help Microsoft assess the exploitability of its security updates.
The Microsoft Vulnerability Research program works with software and hardware vendors to help address vulnerabilities in third-party products running on the Microsoft Windows platform.
And finally, through the Microsoft Exploitability Index, customers receive additional security information and guidance from Microsoft that helps enable them to make better decisions around the deployment of Microsoft security updates.
Download report from Microsoft.