Microsoft Expands Security Information Sharing Program to CERTs

Program to further response and guidance for computer security incident response worldwide.



GOLD COAST, Australia — May 2008 — Today at the annual AusCERT Asia Pacific Information Technology Security Conference, Microsoft Corp. announced the extension of the Microsoft Security Cooperation Program (SCP) to include computer emergency response teams (CERTs), computer security incident response teams (CSIRTS), and other response and guidance organizations that represent a nation, region or population.

SCP, a worldwide program originally formed for government entities, provides a structured way for Microsoft to share information efficiently, improving responses to computer security incidents and decreasing the risk of system attacks at member organizations. The primary goal of the third version of Microsoft SCP, called SCPcert, is to provide customers with the best protection possible by making necessary information available for CERTs to respond to computer security incidents.

Created in response to requests from CERTs to work more closely with Microsoft, SCPcert provides member response and guidance organizations with a structured environment in which to discuss information on threats to Microsoft products that affect stakeholders, to receive detailed information on those threats and to share information with Microsoft and other CERTs. Through the SCPcert site on the Microsoft Security Response Alliance (MSRA) portal and with proactive e-mail communications, SCPcert will build a collaborative public-private partnership for information exchange and incident response, helping customers decrease risk from attacks on their IT infrastructures.

“Through the MSRA, we build strong partnerships with others in the security response ecosystem to help better protect our mutual customers around the world,” said Mark Miller, director of Trustworthy Computing Public Relations at Microsoft. “Working with CERTs through this extension of the MSRA is the next logical step in helping ensure infrastructures remain safe from attack, responses are well-coordinated and the right channels are in place to share information that can help protect customers.”

The program also provides member CERTs with a rich set of materials to support their security awareness programs, including security-related brochures, posters, presentations and videos, many of which may be branded exclusively by members for their own organizations.

To join SCPcert, CERTs must be part of a government, recognized by a government, or recognized by the population being represented. Additional information about Microsoft’s SCP, including background on SCP for government entities and higher education, can be found at http://www.microsoft.com/industry/government/SCP.mspx. SCP is part of MSRA, about which more information is available at http://www.microsoft.com/security/msra/default.mspx.

Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and solutions that help people and businesses realize their full potential.