Black Hat 2010: Adobe joins MAPP early warning programme

Microsoft is to extend its active protections programme (MAPP) to include vulnerability sharing from Adobe Systems.

Microsoft is to extend its active protections programme (MAPP) to include vulnerability sharing from Adobe Systems.

Adobe is to be the first outside company to join the programme, Microsoft announced at the BlackHat USA 2010 security conference taking place this week in Las Vegas.

MAPP was set up two years ago to enable advanced information-sharing on Microsoft product vulnerabilities with security software providers.

MAPP member Sourcefire reports that, in the race between exploit and protection, the programme has helped reduce the risk of attack in some cases by 75%.

"MAPP is a tried and proven model giving an upper hand to a network of global defenders, who all rally behind the shared purpose of protecting our mutual customers," said Brad Arkin, senior director of product security at Adobe.

Adobe will join Microsoft in sharing its vulnerability information with the 65 members of MAPP so they can offer advanced protection from exploits before they are announced.

"The constantly changing threat landscape requires a new approach to security," said Mike Reavey, director of the Microsoft Security Response Center.

Collaboration and shared responsibility are key to security going forward because individual efforts are not longer enough, he said.

"We're excited about extending the benefits of MAPP to Adobe users as we've seen clear evidence of its impact in advancing customer protection," said Reavey.

Customers do not care about competitive differences in the industry, said Dave Forstrom, director, Trustworthy Computing at Microsoft.

"They are more interested in seeing people come together to innovate to stay ahead of the complex threat landscape," told Computer Weekly.

MAPP shifts competitive advantage away from the attackers to the defenders by giving them early warning of vulnerabilities so they can provide protection, he said.

As targeted attacks shift from operating systems to applications, with the collaboration with third parties, Microsoft is helping them resolve vulnerabilities, said Forstrom.

From this Autumn, Adobe will be pushing out early warning information on their vulnerabilities to MAPP members. This means two of the most ubiquitous software companies in the world are continuing to shift the game in favour of the defenders, he said.

Asked whether Microsoft will be adding other suppliers to MAPP, Forstrom said the focus was on integrating Adobe, but would continue to evaluate other options.

Read more on IT risk management