LAS VEGAS — As a major computer security conference kicked off here Wednesday, Microsoft announced that teamwork between technology rivals is paying off in the perpetual arms race with hackers.
"As we look at the industry, we see this continued need for shared responsibility," said Microsoft Trustworthy Computing Group director Dave Forstrom. "We must work together."
Microsoft chose a Black Hat computer security conference in Las Vegas as the stage to unveil findings that initiatives it launched here two years earlier were getting software makers, users and defenders to become allies.
As of June, there were 65 companies worldwide taking part in the Microsoft Active Protections Program (MAPP) for early access to the technology giant's security updates.
"MAPP shifted the competitive advantage from attackers to defenders," Forstrom said.
"Before MAPP, we released vulnerability patches on Tuesday and immediately there was a race with the hackers trying to reverse-engineer and attack, and IT guys working to put in patches."
Releasing software fixes to everyone at the same time gave hackers an "attack window" that remained open until computer users applied upgrades or patches.
The MAPP program let "good guys" got a head start building or installing patches or fixes before cyber criminals could craft attacks targeting the vulnerabilities.
Microsoft's other initiatives involved indexing how dangerous bugs are so businesses can prioritize responses and checking for vulnerabilities in third-party software that runs on the technology titan's platforms.
Adobe recently signed on to the Microsoft initiatives and is using the network as a conduit for details about updates or patches for its suite of software that includes Flash and Reader.
"Vendors had to wait for the day we published an update, then begin a foot race with bad guys who try to leverage attacks," said Brad Arkin, senior director for product security and privacy at Adobe.
"It is all about narrowing the window of vulnerability. The success of the MAPP program has demonstrated to us it is worth it."
He added that since opening up to "partners on the front line" the time it takes his team at Adobe to learn about new software attacks has plummeted from weeks to seconds.
"Customers aren't concerned about competitive differences," Forstrom said. "They want to know how software vendors out there are working together and have their backs."
Forstrom equated collaborative efforts of computer software and security rivals to US "Neighborhood Watch" programs in which neighbors form tightly knit groups united against crime in their communities.
"Cops were not able to keep up with crime so they involved citizens with law enforcement," Forstrom said. "We see the same thing in the online landscape. These criminals are invading our homes, our businesses and our privacy."
Last week, Microsoft proposed a standard that would call on those who discover software bugs to give program creators chances to fix the flaws before telling the rest of the world.
Responsibly sharing details about software weaknesses is bound to be a hot topic here this week as Black Hat segues into a notorious DefCon gathering of hackers whose status comes from exposing ways past computer defenses.
"Some of these debates may never be resolved," Forstrom said. "There should be a refocusing on the fact that criminals really are at the heart of this and are the one common enemy we share."
Software wizards in DefCon contend they routinely take their discoveries to companies involved.
Copyright © 2013 AFP. All rights reserved. More »