Raising awareness for the Security Update Validation Program (SUVP)

In the last couple of weeks a large number of customers struggled with changes that were introduced through security fixes for the different versions of SharePoint (e.g. this regression and this design change).

In this context I would like to raise awareness for the Security Update Validation Program (SUVP) which gives eligible customers early access to security updates for all Microsoft products to allow them to evaluate them in a test environment before the official release. Joining this program would give customers extra time to evaluate the security fixes and the ability to provide feedback directly to the involved product teams responsible for the different fixes.

If your company has a Premier support contract with Microsoft I would encourge you to contact your CSAM to get nominated for this program.


What is the Security Update Validation Program?

The Security Update Validation Program (SUVP) is a quality assurance testing program for Microsoft security updates, which are released on the second Tuesday of each month. The SUVP provides early access to Microsoft security updates – up to three weeks in advance of the official release – for the purpose of validation and interoperability testing. The program encompasses any Microsoft products for which we fix a vulnerability (e.g. Windows, Office, Exchange, or SQL Server) and is limited to trusted customers under NDA who have been nominated by a Microsoft representative.

The purpose of the SUVP is to validate Microsoft security updates against participants’ own test images and infrastructures as well as their line of business, third-party, and in-house apps. Issues found prior to public release are quickly escalated through the SUVP directly to the product teams and product managers or engineers that would need to be involved in authoring the fix. This enables rapid root cause analysis (RCA) and remediation, and fixes can be quickly validated with the reporting partner. To protect the confidentiality of privately reported vulnerability information, SUVP participants are not given vulnerability details and are contractually disallowed from reverse engineering the updates or otherwise verifying the effectiveness of the security measures being implemented.

The benefit of participating in the SUVP program is the ability to identify issues that would impact your business before Microsoft security updates are released broadly. Once identified, issues are quickly triaged and mitigated to the extent possible. This, in turn, allows you to keep your production Windows machines (or those of your customers) secure and up-to-date each month without concerns about regressions in functionality.

To be considered for participation in the SUVP, please have your Microsoft representative reach out to SUVP Onboarding at SUVPRecruit@microsoft.com to submit a nomination. The program requires that participants sign a SUVP contract and have an active Azure Active Directory (Azure AD) tenant to enable distribution of content via Microsoft Collaborate.


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.