Microsoft recruits patch testers
Microsoft is recruiting software testers to vet the company's patches before monthly fixes are released to the public, the software giant announced this week.
The Security Update Validation Program lets selected corporate customers and consultants test Microsoft's software patches. However, the company has made the program invitation-only and does not expect to involve a large number of testers, said Debby Fry Wilson, director of the Microsoft Security Response Center.
"This is a very controlled program," she said. "We have only invited participants with whom we have a close relationship, where we are sure that confidentiality will be maintained."
The program, under development for about a year, is part of Microsoft's initiative to improve its software patching procedures and the overall security of its products. Last week, the company released a trial version of its antispyware product, and this week it released a tool for cleaning major worms and viruses from customers' hard drives during its monthly scheduled patch announcement.
Participants will mostly be large corporations that are customers or partners of Microsoft. Unlike customers wanting to try Microsoft's antispyware product, participants in Microsoft's Security Update Validation Program will have to abide by very strict guidelines, Wilson said. Participants must sign a nondisclosure agreement and pledge a significant amount of human resources to the program, she said.
"It is a very large commitment on the part of the participant," Wilson said. "In some cases, customers have decided not to participate."
For most customers, participating in the program will likely not be worth the effort, she added. Companies that do take part get to work with a patch before it gets broadly deployed--meaning quicker fixes to identified problems. Wilson would not say how many customers were participating in the patch review program.
Wilson said Microsoft hopes the initiative will improve not only reliability, but publishing speed.
"Our effort is to not just try and be more efficient from a quality standpoint, but to be more efficient from a time standpoint as well," Wilson said.