[ISN] Government Agencies To Get Early Dibs On Windows Patches
InfoSec News
isn at c4i.org
Mon Mar 14 04:43:29 EST 2005
http://www.informationweek.com/story/showArticle.jhtml?articleID=159401297
By Eric Chabrow
InformationWeek
March 11, 2005
Microsoft will give the Air Force and other federal agencies software
patches to test a month before the general public receives them. The
arrangement is part of Microsoft's Security Update Validation Program,
a "closed beta program" introduced within the past 12 months.
Microsoft will begin giving prerelease software patches to the Air
Force, The Wall Street Journal reported Friday. The Department of
Homeland Security will give advance notice of the new vulnerabilities
to other government agencies and distribute the patches to them after
they've been tested by the Air Force, the newspaper reported.
Advance testing will make it possible for government agencies to
install the patches as soon as Microsoft releases the final versions.
That's aimed at helping agencies stay ahead of hackers, who often are
able to develop attacks that exploit a software hole less than a week
after Microsoft discloses the vulnerability.
The early-access program is also available to select business
customers.
The software updates are provided to program participants only for
testing purposes, a Microsoft spokesman says. "Customers are
specifically prohibited from deploying these security updates in a
production environment," the spokesman says via E-mail. "Participants
are testing prerelease software, therefore the updates are provided
only to deploy in a test environment. Participants can only deploy the
security updates to their entire infrastructure when they are released
to the general public."
The issue of providing advance access to security bulletins and
software patches is a sensitive subject for Microsoft and other
software vendors, who need to ensure that information and code don't
find their way to hackers before final patches are available for all
customers. And customers who don't receive advance notice may believe
they're at a disadvantage.
More information about the ISN
mailing list