Tuesday, August 5, 2008

Collaboration Key to Security, Microsoft Says

Microsoft ratcheted up its PR and client communications efforts to demonstrate that it's serious about security. On Monday, in time for this week's Black Hat conference in Las Vegas, Microsoft's Security Response Center (MSRC) launched a new ecosystem strategy team blog outlining its more collaborative approach to software security issues.

"The industry is reaching a point where delivering an acceptable level of security today is beyond what one company can do alone, wrote Microsoft's Andrew Cushman in the blog's inaugural post. "There's real merit in the cliché, 'It takes a village'."

Cushman emphasized that it's high time for the industry to act together, and that includes not just Microsoft's strategic partners and channel partners, but independent security vendors, think tanks and government entities. Such collaboration would "improve the broader security ecosystem," Cushman said.


"Think of it as community-based defense, where we commit our skills and strengths to defend beyond our boundaries to protect our common customers," he wrote.

Collaboration on security is a good idea, as hackers affect everybody.

"You can't put a grade on products and services from a security standpoint," said Richard Kemmerer, a professor of computer science at University of California at Santa Barbara and board member of Microsoft's Trustworthy Computing Academic Advisory. "The best thing you can do is get the information out."

Michael Cherry, an analyst with independent consultancy Directions on Microsoft, agrees. "There's definitely no end point to security so I think that whatever is done to foster collaboration is a step in the right direction," he said.

Microsoft also announced an additional step augmenting its monthly security cycle. The company plans to release transcripts of its Webcast Q&A sessions on security within two days of its monthly Patch Tuesday release. The Webcasts are kind of a post-game breakdown of each security bulletin, explaining Microsoft's rating and the systems affected.


Apple ships massive Mac OS X 10.4 security upgrade
Microsoft Warns of ActiveX Exploit in Access
IE Is Least-Patched Browser, Report Says