Microsoft Active Protections Program (MAPP) - July 2013 changes
Microsoft details changes this month associated with it's MAPP initiative:
QUOTE: MAPP was our answer to a common phrase used back then: “Update Tuesday, exploit Wednesday.” This was a time when exploit writers had developed full automation for reverse engineering our security updates and building exploits. Security vendors received information at the same time as everyone else and had to then develop and test signatures before applying the updates. MAPP gave the security vendors, the “good guys,” a head start against the “bad guys.” In the years since its inception, MAPP has been successful in allowing these vendors to release protections when we release the updates so that our customers have the time they need to test and deploy them.
Today, we are introducing a few changes based on the changing threat landscape and feedback from our partners.
MAPP for Security Vendors -- First, in order to have a clear definition of the existing MAPP program and be able to convey how the new programs differ, we are now calling what the world today knows as MAPP, “MAPP for Security Vendors.” So, on top of streamlining and improving the quality of detection guidance, we are expanding the signature development window from one to three business days for MAPP partners who meet certain stringent criteria.
MAPP for Responders -- Through this new program, MAPP for Responders, we are working to build new partnerships and community collaborations that will enable strategic knowledge exchange. Microsoft intends to contribute to this effort by sharing threat indicators such as malicious URLs, file hashes, incident data and relevant detection guidance. Employing a “give to get” model, the community will benefit when data they provide is enriched by aggregating it with data from others.
MAPP Scanner-- The MSRC employs some of the brightest engineers in the industry, the sort who build tools such as !exploitable, OffVis, and EMET. MAPP Scanner, currently in a closed pilot program, is a content-based vulnerability scanner developed by our security engineers to aid in investigating incidents. We are introducing MAPP Scanner as a cloud-based service that can be used to scan Office documents, PDF files, Flash movies, and suspect URLs, to determine if they are attempting to exploit a vulnerability.
Going Forward -- As with Microsoft’s other security initiatives, such as the BlueHat Prize and our new bounty programs, the mission for MAPP is simple: mitigate entire classes of attack and protect customers. We have a long history of working across many different communities to drive this mission and will continue to do so.