|Q: What is the Microsoft Active Protections Program?|
A: Launched in 2008, the Microsoft Active Protections Program supplies Microsoft vulnerability information to security software partners prior to Microsoft's monthly security update release so partners can build enhanced customer protections.
|Q: Why does Microsoft use these program criteria?|
A: Microsoft is committed to minimizing risks to customers, and the eligibility criteria is necessary for targeting protections that cover broad groups of customers. Microsoft will continue to evaluate and update the criteria appropriately.
|Q: What are "active software security protections”?|
A: Active software security protections can detect intrusions into a Microsoft system or defend a Microsoft system from exploitation attempts, without the availability of a Microsoft security update for the issue being exploited. For example, antivirus definitions that trigger malicious behavior or IDS signatures that block exploitation attempts are active software security protections.
|Q: If my company develops technology that only uses third-party signatures to provide protections to my clients, can I be in MAPP?|
A: No, MAPP requires that its members actively create signatures or similar threat remediation in-house for their products. MAPP participants are expected to directly use the data provided to them via the program to develop protections in-house.
|Q: If I am accepted into MAPP, what exactly do I get?|
A: You will receive advance vulnerability information for those vulnerabilities to be addressed in Microsoft’s regularly scheduled monthly security update releases. This information package will provide documents that outline our information on the vulnerability. These documents outline the steps used to reproduce the vulnerability as well as the steps used to detect the issue.
At times, Microsoft might also provide a proof-of-concept or repro tool that further illuminates the issue and helps with additional protection enhancement. Providing this information enables software security providers to provide timely and enhanced protections for our mutual customers.
|Q: How does MAPP make customers safer?|
A: The MSRC is committed to continuous improvement to help customers manage risk and protect themselves. By sharing vulnerability information prior to the public release of a security update, Microsoft enables security software providers who operate at the application and network layer to offer protection to our mutual customers in a timely manner.
Without this program, security software providers would have to wait until the public release of the security bulletin to develop protections.
|Q: Will I be able to tell my customers I am part of MAPP?|
A: Yes, this is a public program. If you are accepted as a participant, you may market yourself as a MAPP member. The aspects of the program that are confidential are those that pertain to operations and the data that is provided. All confidential information is subject to the Microsoft Non-Disclosure Agreement.
|Q: How do I submit my company for consideration into MAPP?|