Microsoft Bug Bounty Program Expanded to Third-Party Code

Posted on By CWS

Microsoft on Thursday introduced an enormous growth to its bug bounty program, which now additionally covers third-party and open supply code.

So long as a essential vulnerability impacts Microsoft’s providers, the researcher who finds and stories it’s eligible for a bug bounty reward.

“If a essential vulnerability has a direct and demonstrable impression to our on-line providers, it’s eligible for a bounty award. No matter whether or not the code is owned and managed by Microsoft, a third-party, or is open supply, we’ll do no matter it takes to remediate the problem,” Microsoft VP Tom Gallagher says.

Microsoft explains that this ‘In Scope by Default’ method aligns with hackers’ view of the assault floor: all safety defects matter.

“In an AI and cloud-first world, menace actors don’t restrict themselves to particular services or products. They don’t care who owns the code they attempt to exploit,” Gallagher notes.

In brief, safety researchers on the lookout for weaknesses in areas of excessive curiosity to menace actors are welcome to submit vulnerability stories by means of the Microsoft bug bounty program.

“If Microsoft’s on-line providers are impacted by vulnerabilities in third-party code – together with open supply, we need to know. If no bounty award previously exists to reward this important work, we’ll supply one. This closes the hole for safety analysis and raises the safety bar for everybody who depends on this code,” Gallagher says.

The replace has taken impact instantly, and Microsoft’s bug bounty program now contains all on-line providers by default. New providers are thought-about in scope as quickly as they’re launched.Commercial. Scroll to proceed studying.

The expanded Microsoft bug bounty program is the newest change the corporate has made as a part of the Safe Future Initiative it introduced in 2023, and follows the naming of two new Working CISOs this week.

Associated: CISO Conversations: Are Microsoft’s Deputy CISOs a Signpost to the Future?

Associated: Microsoft Gives $5 Million at Zero Day Quest Hacking Contest

Associated: Microsoft Patches 57 Vulnerabilities, Three Zero-Days

Associated: Microsoft Unveils Safety Enhancements for Id, Protection, Compliance

Security Week News Tags:, , , , , ,

Related Posts

AI Is Supercharging Phishing: Here’s How to Fight Back Security Week News
OneFlip: An Emerging Threat to AI that Could Make Vehicles Crash and Facial Recognition Fail Security Week News
Cloudflare Blocks Record-Breaking 11.5 Tbps DDoS Attack Security Week News
Lanscope Endpoint Manager Zero-Day Exploited in the Wild Security Week News
Defakto Raises $30 Million for Non-Human IAM Platform Security Week News
All Microsoft Entra Tenants Were Exposed to Silent Compromise via Invisible Actor Tokens: Researcher Security Week News