Microsoft users to test patches

Redmond is rolling out a programme where trusted users can try out security patches on test systems and report back with any implementation problems
Written by Jo Best, Contributor
With aspirations to be an antivirus and anti-spyware vendor, Microsoft is opening up its security procedures to the outside world a little more: the Redmond giant is enlisting the help of outside testers for its security patches.

As part of Microsoft's Security Update Validation Program, the software behemoth has implemented a closed beta testing programme, to allow outsiders to trial the patches for compatibility before they roll them out further. The company has made the programme invitation-only and does not expect to involve a large number of testers, said Debby Fry Wilson, director of the Microsoft Security Response Center.

"This is a very controlled programme," she said. "We have only invited participants with whom we have a close relationship, where we are sure that confidentiality will be maintained."

The teams who will get to take the sneak preview of the patches will be allowed limited access to the security updates. They'll be able to test the patches for reliability, application compatibility and stability but won't be able to take a look under the bonnet and get details about code and the vulnerabilities themselves. "It is a very large commitment on the part of the participant," Wilson said. "In some cases, customers have decided not to participate."

Feedback from the testers is then taken into account before the patch goes out to the rest of the public.

The patches are given to a number of customers across different industries who can only use them in test environments, a Microsoft spokeswoman said, and must provide feedback to Microsoft as part of the deal. The participants also have to sign a non-disclosure agreement.

The program had been trialled for a year before its formal launch, the spokeswoman added.

CNET News.com's Robert Lemos contributed to this report.

Editorial standards