Microsoft to Share Vulnerability Details with Governments

Microsoft today announced plans to share pre-patch details on software vulnerabilities with governments around the world under a new program aimed at securing critical infrastructure and government assets from hacker attacks.

The program, codenamed Omega, features a Defensive Information Sharing Program (DISP) will offer governments entities at the national level with technical information on vulnerabilities that are being updated in our products.

Microsoft’s Steve Adegbite explains:

We will provide this information after our investigative and remediation cycle is completed to ensure that DISP members are receiving the most current information. While this process varies from issue to issue due to the complex nature of vulnerabilities, disclosure will happen just prior to our security update release cycles.

The company also announced a second information sharing program called the Critical Infrastructure Partner Program (CIPP) that aims to “provide valuable insights on security policy, including strategies, approaches to help aid the protection efforts for critical infrastructures,” according to Adegbite.