Microsoft announced its new Gold Certified Partner Program for Security Solutions, along with a list of requirements that partners must meet on an ongoing basis to maintain partner status. Partner benefits will include priority access to advanced training, increased product licenses and Microsoft Developer Network (MSDN) access, priority listing on referrals and engagements, an exclusive Web site, and exclusive marketing materials separate from other materials that Microsoft provides to other solution providers.
To apply for partner status in the new program, companies must already be a member of the Certified Partner Program and must submit the names of three customers. Company references will expire after 18 months, so partners must submit the names of three other customers once the previous submissions expire.
In addition, Gold Certified Partner Program members must have four MCSE or MCSD technicians enroll in the Security Solutions category, and at least two MCSEs must have passed three of four following Microsoft exams:
- Implementing and Administering a Microsoft Windows 2000 Network Infrastructure (70-216)
- Designing Security for a Microsoft Windows 2000 Network (70-220)
- Designing a Microsoft Windows 2000 Network Infrastructure (70-221)
- Installing, Configuring, and Administering Microsoft ISA Server and 2000 (70-227).
Microsoft said that all MCSEs must be Win2K certified, and that the 70-220 exam will probably become mandatory for participation in the new program by July 2002.
Partners providing customer references, as required for membership in the program, must also disclose information about a customer's internal operational characteristics, such as the number of CPUs present in the customer's shop, the number of concurrent users or devices, and the total number of billable and non-billable hours the partner has spent working with the customer. If customers don't respond to Microsoft's request for verification of the submitted reference details, the prospective partner won't be able to use that customer as a reference for membership in the program.
As part of the membership requirements, Microsoft will also require all partners to report any discovered security vulnerabilities to Microsoft and let the company develop patches or workarounds before making those vulnerabilities known to the public, presumably even a partner's customers. In addition, Microsoft won't let partners disclose information about a vulnerability that might let a non-partner develop an exploit or demonstration code toward a given vulnerability.