Microsoft Baseline Security Analyzer (MBSA) is a tool that helps organizations in evaluating their security state and provides recommendations for improvements. It is a free tool that can be downloaded from the Microsoft website and is compatible with most versions of Windows.
However, the MBSA tool has certain limitations when it comes to scanning and reporting vulnerabilities in third-party applications. To address this issue, Microsoft has come up with an MBSA agreement that allows third-party vendors to share their vulnerability assessment results with Microsoft.
Under this agreement, third-party vendors can share their vulnerability data with Microsoft, which will then include this data in its MBSA tool. This means that MBSA users will have an expanded view of their organization`s security posture, including vulnerabilities in third-party applications.
The MBSA agreement is a win-win for both Microsoft and third-party vendors. Microsoft benefits by providing more comprehensive security assessments to its users, while third-party vendors benefit by having their application vulnerabilities included in the MBSA tool.
To participate in the MBSA agreement, third-party vendors need to meet certain requirements, including having a public vulnerability disclosure policy, providing vulnerability data in a standard format, and authorizing Microsoft to use the vulnerability data in its MBSA tool.
Overall, the Microsoft MBSA agreement is a great step towards improving the overall security posture of organizations. By providing a comprehensive view of vulnerabilities, including those in third-party applications, organizations can take proactive measures to improve their security and mitigate risks. If you are a third-party vendor and want to participate in the MBSA agreement, visit the Microsoft website for more information.