Microsoft expands security information sharing program to CERTs

Today Microsoft announced the extension of the Microsoft Security Cooperation Program (SCP) to include computer emergency response teams (CERTs), computer security incident response teams (CSIRTS), and other response and guidance organizations that represent a nation, region or population.

SCP, a worldwide program originally formed for government entities, provides a structured way for Microsoft to share information efficiently, improving responses to computer security incidents and decreasing the risk of system attacks at member organizations. The primary goal of the third version of Microsoft SCP, called SCPcert, is to provide customers with the best protection possible by making necessary information available for CERTs to respond to computer security incidents.

Created in response to requests from CERTs to work more closely with Microsoft, SCPcert provides member response and guidance organizations with a structured environment in which to discuss information on threats to Microsoft products that affect stakeholders, to receive detailed information on those threats and to share information with Microsoft and other CERTs. Through the SCPcert site on the Microsoft Security Response Alliance (MSRA) portal and with proactive e-mail communications, SCPcert will build a collaborative public-private partnership for information exchange and incident response, helping customers decrease risk from attacks on their IT infrastructures.

The program also provides member CERTs with a rich set of materials to support their security awareness programs, including security-related brochures, posters, presentations and videos, many of which may be branded exclusively by members for their own organizations.

To join SCPcert, CERTs must be part of a government, recognized by a government, or recognized by the population being represented.