Microsoft offers early warning on flaws

/ Source: The Associated Press

Microsoft Corp. offered Wednesday to begin alerting the world's governments early to cyberthreats and security flaws in its attack-prone software.

Microsoft also wants to work with governments to help prevent and mitigate the damage from hacker attacks, said Giorgio Vanzini, the director of Microsoft's government engagement team.

The announcement, in Prague on Wednesday by Microsoft chairman Bill Gates, coincides with a mounting threat to the company's global dominance from "open source" software alternatives such as the Linux operating system.

Proponents say open-source software is cheaper to run and less vulnerable to security threats because the underlying code is freely shared and government agencies and municipalities from China and Japan to Germany and France are embracing or investing in developing it.

Microsoft already provides the U.S. government with early warnings. Vanzini said extending the program aims to protect critical infrastructure given that major Internet attacks can affect national security, economic stability and public safety.

(MSNBC is a Microsoft - NBC joint venture.)

The new program intends to complement Microsoft's existing Government Security Program, in which governments and agencies may review Microsoft's proprietary source code for Windows operating systems and Office business software and evaluate for themselves the software's security and ability to withstand attacks.

It supplements the advance but often vague warnings that Microsoft gives the general public on the severity of threats and which particular products are affected.

Governments, for instance, will be able to get information about publicly known vulnerabilities that Microsoft is investigating, he said.

The public warnings, by contrast, are short on details and often don't come until after Microsoft spends weeks or months developing and testing software fixes.

The government program will also provide data on security incidents and foster collaboration such as joint response in emergencies, Microsoft said.

Eligible participants, who must sign confidentiality agreements, include government agencies and ministries responsible for computer incident response, protection of critical infrastructure and public safety, Microsoft said.

So far three countries, Canada, Chile and Norway, as well as the U.S. state of Delaware, have been engaged in the new project, Vanzini said.

"Prevention of cyberdisruptions and improving our capacity to respond to incidents are critical to securing both our economy and public safety," Anne McLellan, Canada's Minister of Public Security and Emergency Preparedness, said in a statement.

Microsoft said it is currently in discussions with a number of countries about their possible participation in the program.

Governments currently under a trade embargo with the United States are not eligible to sign up to the program, which is provided free of charge.