Microsoft is expanding a program that shares information with select security firms, giving a new class of researchers access to threat data before the company patches its software.



From Computerworld:

The current Microsoft Active Protections Program (MAPP) will be scrapped, said Mike Reavey, a senior director of the Microsoft Security Response Center, or MSRC, in an interview Friday. Taking its place will be a new two-pronged program.

MAPP for Security Vendors will take the place of the original MAPP, which debuted in October 2008. Like its predecessor, MAPP for Security Vendors will provide detailed data on vulnerabilities Microsoft intends to patch. Some of the vetted vendors, those with the longest time in MAPP, will receive vulnerability details from Microsoft earlier than before: Three business days prior to Patch Tuesday rather than the current one day.

What Reavey called "entry-level partners" will continue to get bug information just a day ahead of time.

  Microsoft expands bug info-sharing program to larger crowd