The Security Update Validation Program (SUVP) is a quality-assurance testing initiative focused on Microsoft monthly security updates, which are released on the second Tuesday of each month (commonly known as Patch Tuesday). SUVP partners test these security updates prior to their release and provide feedback on usability, bugs, and results. This meticulous testing helps ensure security updates are ready to be made available to the public.
Program overview
Eligibility: Trusted partners under non-disclosure agreements (NDAs). All nominees must pass a stringent validation process before sharing any data.
Scope: Includes any Microsoft product with a vulnerability fix (e.g., Windows, some Microsoft 365 apps, Microsoft Exchange, Microsoft SQL Server, etc.).
Note: SUVP tests the compatibility of Microsoft products and security updates. It is not a vulnerability testing program. SUVP does not disclose any information regarding vulnerabilities, and reverse engineering of security updates is not allowed.
Cost: Participation is free.
Benefits:
- Early availability of updates to test compatibility
- Timely access to updates to help ensure seamless, rapid deployment of security updates and critical infrastructure
- Direct assistance from product groups to resolve issues encountered during testing
- Advanced knowledge of potential support issues
Testing cycle
Each month’s testing cycle, known as a “test pass,” begins up to one month prior to the update. Updates are continuously made available during the three to four week testing cycle. Prerelease security updates are available for download and testing through a secure site. If issues arise, feedback can be submitted through the methods provided by the SUVP team. Issues will then be escalated to the engineering team for resolution.
Program requirements
- Testers must provide feedback on the overall status of the update.
- If issues arise, testers must notify SUVP.
- Testing is required only for products relevant to the partner’s environment.
Additional information
Considerations: There is no penalty for not testing consecutively. However, if there is consecutive nonparticipation, that will need to be addressed. If you are unable to test for more than three months but wish to remain in the program, please inform SUVP.
Retrieving updates: SUVP provides secure methods for organizations to download and deploy prereleased security updates to your testing environment.
Get started
To express interest in joining the program, please first contact your Microsoft Account Manager. The SUVP team will review their request and respond within one week. Approved participants must sign a SUVP contract and an NDA (if one is not currently in place with Microsoft).
Continue the conversation. Find best practices. Bookmark the Windows Tech Community, then follow us @MSWindowsITPro on X and on LinkedIn. Looking for support? Visit Windows on Microsoft Q&A.
Microsoft