Microsoft Expands MAPP, Shares Attack Data With Incident Responders

Trailrunner7 writes "Microsoft is expanding its MAPP program that shares attack and protection information with other security vendors and will now be sharing some data with incident responders, as well. The new system will enable organizations such as CERTs and internal IR teams to exchange information on specific attacks and general threats. Now, Microsoft is expanding and changing the MAPP program so that more people will have access to some of the data and the information will be available earlier. Until now, MAPP members get access to patch data 24 hours before the release. Microsoft will be giving that information to MAPP companies three business days before Patch Tuesday going forward. The new MAPP for Responders program is an extension of the existing system and is designed to allow incident response teams to share information among themselves and to benefit from the threat intelligence that Microsoft has, as well."

Re:Shill Story

[Anonymous Coward]

..shill..

Sigh.. The Godwin's law of Slashdot now moving up to first post. The mark of a closed zealot mind is calling everything you don't like the work of shills.

This summary is not praising anyone, it is a factual story about MS changing their MAPP program. As someone working in security I find it interesting. We don't like facts now?

If you have a relevant argument about NSA in this context it would be much helped by non ad hominem arguments.

MAPP program and security?

[dgharmon]

"This summary is not praising anyone, it is a factual story about MS changing their MAPP program. As someone working in security I find it interesting. We don't like facts now?"

I don't like this fact, in order to protect *MY* documents from hackers, I must upload them to a VM in the Azure cloud ...

Re:

[mwvdlee]

Given the nature of the information and intended purpose, I don't see much wrong here.

The only thing slightly unreasonable to me is the "Are you willing to have your company name and URL displayed on our MAPP website?" question, but only because it has nothing to do with security and it probably the result of having to please the marketing department. In itself the question is harmless and most companies would probably prefer to have their name associated with MAPP.

Which questions do you think should be cha

Re:MAPP isn't nearly enough...

[benjymouse]

The only thing slightly unreasonable to me is the "Are you willing to have your company name and URL displayed on our MAPP website?" question, but only because it has nothing to do with security and it probably the result of having to please the marketing department.

In the interest of public disclosure of *who* has access to advance information about vulnerabilities before they are patched, I actually find it highly relevant. I can see good coming from giving truly security minded companies a head start. But I would like to know *who* gets this head start.

A few years back a rogue Chinese security company (or just a rogue employee?) leaked proof-of-concept exploit code to Chinese hacker websites. The security company had received the PoC code from Microsoft as part of the MAPP program. The intention was that security companies (AV vendors) could use the PoC code to create heuristics/signatures to scan for exploit attempts.

Of course the spin on slashdot was that Microsoft had "leaked" exploit information. Go figure.

It is also in this light we have to view the "Microsoft shares vulnerability information with the fr***** NSA!!! OMG! Conspiracy!!!" debacle.

Problems with NSA overreaching notwithstanding, I for one believe that NSA should receive vulnerability information at about the same time as it is made public to the other MAPP partners. This news is just that similar agencies of other countries now will receive the information at the same time as NSA and other MAPP partners.

Which is 1-3 days in advance.

Blackhat goldmine

[GameboyRMH]

1. Set up multiple front companies and get them in the MAPP program
2. Use byzantine fault tolerance to thwart canary traps
3. Become a top "cyber-weapons" dealer
4. PROFIT!

Re:Fuck These Daily Microsoft Parroted News Storie

[Anonymous Coward]

Waah waah, my open source religion does not allow me to read Microsoft news.

Microsoft Sandpit of Hell :)

[dgharmon]

"Microsoft is also putting Azure cloud to work via the MAPP Scanner program, which uses Redmond's servers to scan Office documents, PDF files, flash movies, and URLS for potential malicious content .. The scanner works by spinning up VMs for every supported version of Windows, and opens the content in all supported versions of the appropriate application, then looks for signs of a threat."

Reminds me of that Japanese horror movie where this feller is trapped in a sand pit and has to continually shovel san