
Security Ecosystem Collaboration

Microsoft and MSRC partner with many others when we investigate potential vulnerabilities in Microsoft software. Microsoft looks to mitigate exploitation of vulnerabilities through the collaborative strength of the industry, partners, public organizations, customers, and security researchers.

Microsoft Security Response Center (MSRC) Vulnerabilities

Practicing Coordinated Vulnerability Disclosure

Microsoft encourages reasonable or coordinated vulnerability disclosure. Coordinated vulnerability disclosure means disclosing vulnerabilities privately to an affected vendor so that the vendor can develop a comprehensive security update to address the vulnerability before the vulnerability details are public. Ideally, this allows for the release of a security update before users are exposed to malicious exploitation.

Working with Security Researchers

When a security researcher (either an individual or organization) is acknowledged in one of Microsoft’s monthly security bulletins, it means that the vulnerability was reported to the Microsoft Security Response Center (MSRC) privately. The security researcher worked with us to help us understand the vulnerability, the extent of the risk to the products and platforms, and possible mitigations.

During the technical investigation and development of the update, the vulnerability reporter is continually kept apprised of the availability of the impending update.

This helps to minimize the threat and impact to customers everywhere by helping to ensure that Microsoft can fix the problem, ideally before widespread attacks occur.

Working Worldwide

Security researchers who report vulnerabilities to Microsoft live and work all over the world. Consequently, security-related conferences and events are held all over the world.

The MSRC sponsors and attends many of these conferences and events. Engaging in the security community by supporting worldwide events helps Microsoft learn about the new areas of focus and industry trends within the security community; tools and techniques; and related cultural and philosophical elements that affect the security landscape.

Global Conference Engagement

Security-related conferences are a platform for technical information exchange, for new research and relationships to be developed, and for greater understanding of regional trends and research. The MSRC has engaged the security community by cosponsoring or attending more than 60 security conferences worldwide since 2005.

Many more security conferences are held around the world, and Microsoft would like to have a presence at every one of them, but the MSRC participates only in those security conferences that adhere strictly to coordinated vulnerability disclosure.

The following chart shows coordinated vulnerability disclosures in Microsoft software received by the MSRC in each half-year period since the first half of 2005, as a percentage of all disclosures. The coordinated vulnerability disclosure percentage for the whole of 2009 was higher than any other year. The last five periods have each had rates above 70 percent—an encouraging sign following significantly lower rates in previous periods.

Microsoft Security Response Center (MSRC)

Engaging with the security community directly and proactively addressing security issues results in the majority of issues being responsibly reported.
