According to a report today from Eweek, Microsoft will soon start offering Beta patches to external Beta testers.
This is a big move to speeding up the patching process, which, in previous months has been heavily criticised when Security outlets go 'full disclosure'. Microsoft has created a 'Security Update Validation Program' for essential partners and customers to get early access to patches and provide valuable feedback. Although the customers will be testing the patch they will have no information on what vulnerability it's attempting to fix.
It's expected that MVPs and ISVs will soon have access to the beta patches too. All testers will need to mimick patch deployments in a lab environment.
If this new way of testing patches works then it's a step forward for Microsoft who have released patches that are long overdue, recalled or in the worst case has opened doors for exploitation.
Update: Thank you to Andrew for reminding me that back in 2003 Microsoft ran the Windows Update 4.0 beta programme. In that programme Microsoft beta tested two updates for Windows XP, Recommended Update for Windows XP (818043) - Beta and Security Update for Windows XP (815021) - Beta. The goal was to find out how well the two packages' installation functionality was working.
Microsoft also issued beta patches for Windows 2000, Q329553: Critical Update (Windows 2000) - Beta Express Package and 811493: Security Update (Windows 2000) - Beta Express Package.
However, Microsoft has since ceased offering beta patches through their Windows Update beta programmes.
View: Microsoft Security Homepage
View: Eweek Story
-1 Comments - Add comment