Microsoft Bug Bounty Program Expanded to Third-Party Code

Posted on By CWS

Microsoft on Thursday introduced an enormous growth to its bug bounty program, which now additionally covers third-party and open supply code.

So long as a essential vulnerability impacts Microsoft’s providers, the researcher who finds and stories it’s eligible for a bug bounty reward.

“If a essential vulnerability has a direct and demonstrable impression to our on-line providers, it’s eligible for a bounty award. No matter whether or not the code is owned and managed by Microsoft, a third-party, or is open supply, we’ll do no matter it takes to remediate the problem,” Microsoft VP Tom Gallagher says.

Microsoft explains that this ‘In Scope by Default’ method aligns with hackers’ view of the assault floor: all safety defects matter.

“In an AI and cloud-first world, menace actors don’t restrict themselves to particular services or products. They don’t care who owns the code they attempt to exploit,” Gallagher notes.

In brief, safety researchers on the lookout for weaknesses in areas of excessive curiosity to menace actors are welcome to submit vulnerability stories by means of the Microsoft bug bounty program.

“If Microsoft’s on-line providers are impacted by vulnerabilities in third-party code – together with open supply, we need to know. If no bounty award previously exists to reward this important work, we’ll supply one. This closes the hole for safety analysis and raises the safety bar for everybody who depends on this code,” Gallagher says.

The replace has taken impact instantly, and Microsoft’s bug bounty program now contains all on-line providers by default. New providers are thought-about in scope as quickly as they’re launched.Commercial. Scroll to proceed studying.

The expanded Microsoft bug bounty program is the newest change the corporate has made as a part of the Safe Future Initiative it introduced in 2023, and follows the naming of two new Working CISOs this week.

Associated: CISO Conversations: Are Microsoft’s Deputy CISOs a Signpost to the Future?

Associated: Microsoft Gives $5 Million at Zero Day Quest Hacking Contest

Associated: Microsoft Patches 57 Vulnerabilities, Three Zero-Days

Associated: Microsoft Unveils Safety Enhancements for Id, Protection, Compliance

Security Week News Tags:, , , , , ,

Related Posts

SAP Patches Critical Flaws in SQL Anywhere Monitor, Solution Manager Security Week News
F5 Blames Nation-State Hackers for Theft of Source Code and Vulnerability Data Security Week News
Fortinet FortiWeb Flaw Exploited in the Wild After PoC Publication Security Week News
Microsoft Reduces Israel’s Access to Cloud and AI Products Over Reports of Mass Surveillance in Gaza Security Week News
Minnesota Activates National Guard in Response to Cyberattack Security Week News
Pwn2Own WhatsApp Hacker Says Exploit Privately Disclosed to Meta Security Week News