Working Together: Adobe Vulnerability Info Sharing via Microsoft Active Protections Program (MAPP)

Last week, we introduced Adobe Reader Protected Mode (aka sandboxing).  This security mitigation feature in the next major version of Adobe Reader is just the most recent public example of the proactive engineering steps we are taking to help protect our customers.  Despite our excitement about sandboxing, we remain realistic that offensive techniques are always marching forward.  A key priority for us is the ability to work with the broader security community to effectively respond to and mitigate new threats.

Today, I’m happy to announce a significant initiative in collaboration with Microsoft: Starting this fall, we will begin sharing vulnerability information for all Adobe products through the Microsoft Active Protections Program. Launched in October 2008 by the Microsoft Security Response Center, MAPP represents a global collaborative effort to facilitate advanced information sharing of Microsoft (and now Adobe) product vulnerabilities with security software providers, such as antivirus or intrusion detection and prevention vendors. By receiving vulnerability information prior to the public release of a security update, MAPP partners get an early start over exploit code writers, enabling them to offer protection to customers in a timely manner.

MAPP is a great example of a tried and proven model giving an upper hand to a network of global defenders who all rally behind a shared purpose—protecting our mutual customers.

We look forward to working with Microsoft and the 65 global MAPP partners. We are confident that by working together to defend customers and partners against those with malicious intent, we can make a positive impact on the security ecosystem.