When Microsoft announced plans to share information on vulnerabilities with security software vendors as part of <A HREF="http://www.eweek.com/c/a/Security/Microsoft-Security-Plans-Set-Example-for-Infrastructure-Vendors/?kc=EWKNLINF08132008STR5">the Microsoft Active Protections Program,</A> the company underscored what could be a shift to a new era of cooperation in the name of security.
In light of the largely successful coordinated release of patches for the much-publicized domain name system (DNS) flaw, it is time for infrastructure vendors to embrace cross-vendor cooperation.
The idea behind the Active Protections Program, which is slated to launch in October, is to give antivirus, intrusion prevention system and network security vendors a heads-up on patches and vulnerabilities prior to Patch Tuesday. According to Microsoft officials, the predictability of the company's monthly security update process has had an unintended result--the release of exploit code tied to Patch Tuesday updates, sometimes within hours of the patches.