Microsoft plans to open up who gets a sneak peek at its security bulletins.
The company said the preview of its upcoming security updates and patches would be available for three business days before its monthly patch update (the second Tuesday of the month). It will contain a general summary of the planned security bulletins, including the number of updates, their severity and overview of the products affected.
As first reported by internetnews.com, Microsoft has been giving only its premium customers a peek into what kind of patches would be coming out ahead of time. The year-old program was criticized by security analysts, who said all customers should be able to have access to the same security information.
During the RSA Security conference in Barcelona, Spain, Thursday, Microsoft said it would make all the previews available publicly beginning this month.
Amy Carroll of Microsoft’s security, business and technology unit, said the company
didn’t see advanced notification as a service for its premium customers, but rather a year-long test before bringing it into the public
arena. Users who weren’t premium members, but who
signed a non-disclosure agreement (NDA) as premium members did, were allowed
to participate, she said.
The preview of upcoming updates will be available three business days — in
November’s case, Friday — before the second Tuesday of the month.
It will contain a general summary of the planned
security bulletins, including the number of updates, their severity and
overview of the products affected.
Microsoft customers can go here
to see the summary. In December, officials will begin making advanced notifications
available by e-mail. Carroll said the
company is evaluating whether or not to include an RSS
down the road.
The page already contains its first entry for the planned Nov. 9 update to Microsoft’s Internet Security and Acceleration Server
(ISAS).
The notice coincides with an ISAS 2004 Validation Program launched by
company officials Thursday. The certification program is for ISVs
According to Microsoft’s release, anti-virus player McAfee
have already validated their SecurityShield service with ISAS 2004.
Certification is conducted by VeriTest here.
“We’re continuing to make progress,” Carroll
said of the company’s security-related initiatives. “We’ve been quite clear about our
commitment to security; it’s important to us and to our customers. What we’re seeing is
good progress, certainly there’s more to do. It’s an industry-wide issue
[but] there’s a lot more that needs to be done because there’s no one
solution.”
The company also announced in Barcelona the mid-2005 availability of Windows Rights
Management Services (RMS) Service Pack 1. RMS, released earlier this year,
provides policy rights for documents and the users who access
those files.
In related news, security officials at Microsoft are still looking for a fix
after reports surfaced on BugTraq and at Secunia Wednesday over new vulnerabilities found in Internet Explorer.