As part of Microsoft's Security Update Validation Program, the software behemoth has implemented a closed beta testing programme to allow outsiders to trial the patches for compatibility before it rolls them out further. The company has made the programme invitation-only and does not expect to involve a large number of testers, said Debby Fry Wilson, director of the Microsoft Security Response Center.
"This is a very controlled programme," she said. "We have only invited participants with whom we have a close relationship, where we are sure that confidentiality will be maintained."
The teams who will get to take the sneak preview of the patches will be allowed limited access to the security updates. They'll be able to test the patches for reliability, application compatibility and stability but won't be able to take a look under the bonnet and get details about code and the vulnerabilities themselves. "It is a very large commitment on the part of the participant," Wilson said. "In some cases, customers have decided not to participate."
Feedback from the testers is then taken into account before the patch goes out to the rest of the public.
The patches are given to a number of customers across different industries who can only use them in test environments, a Microsoft spokeswoman said, and must provide feedback to Microsoft as part of the deal. The participants also have to sign a non-disclosure agreement.
The programme had been trialled for a year before its formal launch, the spokeswoman added.
CNET News.com's Robert Lemos contributed to this report.





Talkback
Interesting, but *how* are the testers supposed to see if the patch has fixed the vulnerability if they are not allowed any information on the vulnerability that has been fixed by the patch?
They can test whether the patch stops the system working properly, but they can't test to see if the vulnerability itself has been properly addressed?
I would have thought a big part of the testing of a patch to fix a vulnerability would be to check to see if the vulnerability has been fixed? Checking to see if it affects any other processes or systems running with the patch in place is of course very important, but it beggars belief that the testers can't test that the vulnerabilities have been addressed...
What a big surprise. The multi-billion dollar company doesn't want to pay its own testers. They take and take and take and give nothing back.
Of course I'd love to shell out loads of money for a test system so Microsoft can use it for bug-testing. Who wouldn't?