Microsoft enlists Air Force as tester of security patches

The Air Force now has a head start on implementing Microsoft security patches through a program that allows the department to receive beta test versions of software.

Earlier this year, Microsoft Corp. admitted the Air Force to the Security Update Validation Program, an initiative that lets the service and a small group of other organizations beta test versions of Microsoft patches in environments, configurations and against applications. Under the program, the Air Force will receive beta patches before they are officially released.

The Air Force is "in discussions" with the Defense Department about ways to bring the security services concept to other branches of the military and federal agencies, according to John Gilligan, Air Force CIO. Under the program, Microsoft will identify vulnerabilities and implement fixes across the enterprise.

The Office of Management and Budget has also announced it is reviewing the Air Force-Microsoft security agreement and may be interested in a similar relationship for other government agencies.

Last year the Air Force signed a $500 million contract with Microsoft under its One Air Force, One Network program. The plan, which is not a part of the latest security initiative, consolidated 38 software license agreements scattered throughout numerous commands.

News of the Air Force's admission into the Security Update Validation Program comes on the heels of an unrelated announcement Microsoft made last month launching several security initiatives affecting governments worldwide.

In February, Microsoft announced the formation of a Security Cooperation Program that will give government organizations advance notice of vulnerabilities that are not yet publicized. Governments will be able to see Microsoft source code for the purpose of securing their own enterprises.

"By taking a collaborative approach with global governments, we can bring to bear the combined expertise from public and private sectors and enable governments to better prepare, manage and mitigate the impact of security incidents," Gerri Elliott, corporate vice president for the worldwide public sector at Microsoft, said in a news release.