Security through Collaboration: Microsoft Active Protections Program

  • Article


Handle:
Cap'n Steve

IRL:
Steve Adegbite

Rank:
Senior Security Program Manager Lead

Likes:
Reverse Engineering an obscene amount of code and ripping it up on a snowboard

Dislikes:
Not much but if you hear me growl…run

Yut!!! Nothing like a motivating US Marine Corps yell to get your attention. Hey Steve Adegbite here, just wanted to drop some words and give you my perspective on some of the News we (Microsoft) announced this morning.

You may have seen already we launched a trusted information sharing program for security software providers. It’s a program we created in hopes of actually helping the defenders get a leg up on protecting consumers. The Microsoft Active Protections Program will allow vetted security software providers early access to the technical details on the vulnerabilities we are addressing with each monthly security update. Microsoft is doing this in hopes that we can give the defenders more time to produce timely signatures. Basically, in doing this, we’re betting that cutting out the time to reverse engineer our security updates will give valuable time back to the defenders to focus on protection enhancement and faster delivery.

Most of the security community knows me from my work with the military and government before coming to Microsoft (i.e. founder of the USMC Information Assurance Red Team). One thing I harped on was that I believe security has to take a community-based focus. One aspect of this community-based approach is the establishment of a "trusted information sharing" program. As a red teamer, my job was to find the vulnerable points and feed that information to the defenders via trusted information channels. This helped the defender shore up their defenses or at least let them know where weak spots existed.

Microsoft Active Protections Programis doing a similar thing, just in a "commercial" way, and without me looking for vulnerable spots in code/networks at 3:45am. It’s not enough to point the finger at one entity and say “Fix it.” Those of us who belong to the security ecosystem must own the problem, and share in the solution.

I believe in this so much that when the opportunity arose to run for the steering committee at FIRST, I couldn’t miss it. I am glad Microsoft saw the same value, as they have allowed me to do this as a two-year commitment. That shows tremendous dedication to the idea that security at large is an ecosystem problem. But more on that in another time on this blog.

The point here is that everything can be addressed with the right collaborative effort. Microsoft gets that and is doing its part. The next upcoming year you’re going to see a lot of that action shining through in all arenas we engage on for security. Stay tuned and remember it takes a village to raise a child...but the digital village is where I live, and we are working together to raise a great and safe cyber ecosystem for consumers to enjoy.

For more of my insight live from Vegas check me out on twitter at www.twitter.com\SteveAdegbite

- Steve Adegbite

*Postings are provided "AS IS" with no warranties, and confers no rights.*