Adobe adds to Microsoft Active Protections Program

Stephen Withers
Thursday, 29 July 2010 02:00

IT Industry - Strategy

Security vendors will receive advance information about vulnerabilities in Adobe software via a Microsoft program. Microsoft is also set to make available a tool to take better advantage of the security mitigations built into recent versions of Windows even if application developers didn't.

The Microsoft Active Protections Program (MAPP) is an arrangement in which more than 60 security software and hardware vendors (including Cisco, IBM, and Symantec) receive vulnerability information from Microsoft just before the corresponding security bulletins are released to the public.

The idea is that this practice allows vendors to simultaneously deliver updates to their products (eg, new signatures) that will protect users until they can apply the patches to the Microsoft software. Approximately one billion systems worldwide are protected by MAPP partners' products.

Earlier this year, Brad Arkin, director of product security and privacy at Adobe, said "Why do you attack Adobe software? Because that's where the users are." Adobe claims its software is installed on 98% of the world's desktops, and on many devices such as phones.

Since software such as Flash provides complex functionality, it also presents a large attack surface, Arkin explained.

Jerry Bryant, group manager, marketing communications in Microsoft's trustworthy computing group, told iTWire that the program was intended to avoid the "Patch Tuesday/Exploit Wednesday" situation that arises when hackers quickly develop exploits for the newly-public vulnerabilities before most of the affected systems have been patched.

MAPP notifications will now cover software from Adobe as well as Microsoft.

CONTINUED