US Govt. to Test Windows Patches Early
The U.S. government will join select partners of Microsoft in receiving security patches up to a month before they become generally available. The early-access program, already available to some customers, provides beta test versions of patches so customers can be prepared when vulnerabilities are publicly disclosed.
Microsoft signed a $500 million software deal with the Air Force last year, which stipulated that the Air Force will join the Security Update Validation Program and test patches before they are officially released. In turn, the military will become a beta tester for Microsoft's updates.
According to the Wall Street Journal, the Air Force will first receive the pre-release patches, which, following testing, will be distributed to other government agencies by the Department of Homeland Security. The goal is to allow the U.S. government to stay ahead of hackers who prey on disclosed flaws in Windows that are not yet patched.
Normally, it can take weeks of preparation before an update can be fully rolled out in a large organizations, such as the Air Force's 700,000 computers. But now, government agencies will know the patch has been fully tested by the time it is posted for download.
Microsoft was clear that the Air Force will not receive mission-critical security patches before any other customer. Rather, it will serve as an external evaluation team with "limited and controlled access to security updates to test for application compatibility, stability and reliability in simulated production environments."
"Microsoft then incorporates feedback from the program into the development of the final security updates," a company spokesperson told BetaNews. "The end result of this program is higher quality updates for customers to help ensure timely and effective deployment of updates."
"If these customers get test builds, they're really giant beta testers, and this isn't a situation where Microsoft is sitting on the patches for a month before distributing them broadly," added Jupiter Research senior analyst Joe Wilcox.
Government agencies aren't the only participants selected for Microsoft's Security Update Validation Program. Large corporate customers such as General Motors also beta test security patches for Redmond. Microsoft did not disclose how many participants are involved in the program, but said it was a "small number."
Microsoft recently launched several security notification initiatives in the face of increasing pressure from customers. In February, the company announced the Security Cooperation Program, which provides governmental organizations with information on vulnerabilities not yet available to the public.
For testing and certification purposes, Microsoft has also provided governments and certain groups limited access to Windows and Office source code.