Microsoft legalizes beta testing of patches
Microsoft has announced the Defensive Information Sharing Program (DISP), which provides for cooperation with government services in various countries in the field of computer security. As part of the program, Microsoft will report secret technical information about unpatched vulnerabilities.
This project was previously referred to as Omega.
Microsoft emphasizes at the same time that information will be transmitted to governments only after their own specialists finish the cycle of “investigating and correcting” vulnerabilities, but before the release of the patch. That is, it’s not yet a fact that the information will really be “the most relevant,” as Microsoft claims.
It is known that Microsoft has previously discussed the development of patches in the secret mode with some specially trusted companies in the field of computer security. They also received "beta versions" of patches prior to their official release, so Microsoft could make edits at the last minute if the patch was not working properly . That is, it now seems that Microsoft is in some sense legalizing this system, which has been in effect since at least 2005.
')
The list of countries for which DISP pilot programs have been launched is not mentioned. It is reported only that they must be members of the Government Security Program (GSP) and Security Cooperation Program (SCP) programs. Perhaps the Russian intelligence services will now receive operational reports from Microsoft about unpatched vulnerabilities.
This project was previously referred to as Omega.
Microsoft emphasizes at the same time that information will be transmitted to governments only after their own specialists finish the cycle of “investigating and correcting” vulnerabilities, but before the release of the patch. That is, it’s not yet a fact that the information will really be “the most relevant,” as Microsoft claims.
It is known that Microsoft has previously discussed the development of patches in the secret mode with some specially trusted companies in the field of computer security. They also received "beta versions" of patches prior to their official release, so Microsoft could make edits at the last minute if the patch was not working properly . That is, it now seems that Microsoft is in some sense legalizing this system, which has been in effect since at least 2005.
')
The list of countries for which DISP pilot programs have been launched is not mentioned. It is reported only that they must be members of the Government Security Program (GSP) and Security Cooperation Program (SCP) programs. Perhaps the Russian intelligence services will now receive operational reports from Microsoft about unpatched vulnerabilities.
Source: https://habr.com/ru/post/93956/
All Articles