Expanding MAPP to a wider audience increases the risk that bug and threat information may leak, leading to active attacks before patches reach customers.
Reavey admitted the danger, but said it is manageable. "This isn't really vulnerability information, but instead general threat intelligence," he said. "It's less volatile. But it's still a risk."
MAPP has had one very public leak in the past: In March 2012, Microsoft confirmed that sample attack code, called a "proof-of-concept exploit," posted on a Chinese hacker site had come from its sharing program. Several months later, Microsoft fingered Chinese security company Hangzhou DPTech Technologies for the leak and dropped the hammer, booting the firm from MAPP.
As part of the new MAPP, Microsoft will also kick off a cloud-based service, MAPP Scanner, where participants can submit suspicious Office documents, PDFs, and URLs. Microsoft's own tools, developed in-house over the last several years, will power MAPP Scanner.
The documents, files and URLs will be opened in a cloud-based virtual machine to see if they are trying to exploit a vulnerability. The results will be shared with participants and fed into Microsoft's own security process.
"We know how effective [those tools are] for us to speed up the process," said Reavey, of detecting new threats and even uncovering "zero-day" vulnerabilities. "[Offering the tools to others] is a great opportunity to get detections in place as soon as possible."
A pilot run of MAPP Scanner will launch almost immediately, said Reavey, but the other components will take time to roll out. He expected them to go live before the end of the year.
Reavey declined to outline the criteria Microsoft will use to vet security vendors and responders, saying that the company will over the next several months create guidelines after talking with current and potential participants.
Sign up for Computerworld eNewsletters.