Microsoft Bug Bounty Program Expanded to Third-Party Code

Posted on By CWS

Microsoft on Thursday introduced an enormous growth to its bug bounty program, which now additionally covers third-party and open supply code.

So long as a essential vulnerability impacts Microsoft’s providers, the researcher who finds and stories it’s eligible for a bug bounty reward.

“If a essential vulnerability has a direct and demonstrable impression to our on-line providers, it’s eligible for a bounty award. No matter whether or not the code is owned and managed by Microsoft, a third-party, or is open supply, we’ll do no matter it takes to remediate the problem,” Microsoft VP Tom Gallagher says.

Microsoft explains that this ‘In Scope by Default’ method aligns with hackers’ view of the assault floor: all safety defects matter.

“In an AI and cloud-first world, menace actors don’t restrict themselves to particular services or products. They don’t care who owns the code they attempt to exploit,” Gallagher notes.

In brief, safety researchers on the lookout for weaknesses in areas of excessive curiosity to menace actors are welcome to submit vulnerability stories by means of the Microsoft bug bounty program.

“If Microsoft’s on-line providers are impacted by vulnerabilities in third-party code – together with open supply, we need to know. If no bounty award previously exists to reward this important work, we’ll supply one. This closes the hole for safety analysis and raises the safety bar for everybody who depends on this code,” Gallagher says.

The replace has taken impact instantly, and Microsoft’s bug bounty program now contains all on-line providers by default. New providers are thought-about in scope as quickly as they’re launched.Commercial. Scroll to proceed studying.

The expanded Microsoft bug bounty program is the newest change the corporate has made as a part of the Safe Future Initiative it introduced in 2023, and follows the naming of two new Working CISOs this week.

Associated: CISO Conversations: Are Microsoft’s Deputy CISOs a Signpost to the Future?

Associated: Microsoft Gives $5 Million at Zero Day Quest Hacking Contest

Associated: Microsoft Patches 57 Vulnerabilities, Three Zero-Days

Associated: Microsoft Unveils Safety Enhancements for Id, Protection, Compliance

Security Week News Tags:, , , , , ,

Related Posts

Critical Authentication Bypass Flaw Patched in Teleport Security Week News
ChatGPT Tricked Into Solving CAPTCHAs Security Week News
WitnessAI Raises $58 Million for AI Security Platform Security Week News
In Other News: India-Pakistan Cyberattacks, Radware Vulnerabilities, xAI Leak Security Week News
DanaBot Botnet Disrupted, 16 Suspects Charged Security Week News
Lenovo Firmware Vulnerabilities Allow Persistent Implant Deployment Security Week News