Microsoft Bug Bounty Program Expanded to Third-Party Code

Microsoft Bug Bounty Program Expanded to Third-Party Code

Posted on By CWS

Microsoft on Thursday introduced an enormous growth to its bug bounty program, which now additionally covers third-party and open supply code.

So long as a essential vulnerability impacts Microsoft’s providers, the researcher who finds and stories it’s eligible for a bug bounty reward.

“If a essential vulnerability has a direct and demonstrable impression to our on-line providers, it’s eligible for a bounty award. No matter whether or not the code is owned and managed by Microsoft, a third-party, or is open supply, we’ll do no matter it takes to remediate the problem,” Microsoft VP Tom Gallagher says.

Microsoft explains that this ‘In Scope by Default’ method aligns with hackers’ view of the assault floor: all safety defects matter.

“In an AI and cloud-first world, menace actors don’t restrict themselves to particular services or products. They don’t care who owns the code they attempt to exploit,” Gallagher notes.

In brief, safety researchers on the lookout for weaknesses in areas of excessive curiosity to menace actors are welcome to submit vulnerability stories by means of the Microsoft bug bounty program.

“If Microsoft’s on-line providers are impacted by vulnerabilities in third-party code – together with open supply, we need to know. If no bounty award previously exists to reward this important work, we’ll supply one. This closes the hole for safety analysis and raises the safety bar for everybody who depends on this code,” Gallagher says.

The replace has taken impact instantly, and Microsoft’s bug bounty program now contains all on-line providers by default. New providers are thought-about in scope as quickly as they’re launched.Commercial. Scroll to proceed studying.

The expanded Microsoft bug bounty program is the newest change the corporate has made as a part of the Safe Future Initiative it introduced in 2023, and follows the naming of two new Working CISOs this week.

Associated: CISO Conversations: Are Microsoft’s Deputy CISOs a Signpost to the Future?

Associated: Microsoft Gives $5 Million at Zero Day Quest Hacking Contest

Associated: Microsoft Patches 57 Vulnerabilities, Three Zero-Days

Associated: Microsoft Unveils Safety Enhancements for Id, Protection, Compliance

Security Week News Tags:, , , , , ,

Related Posts

‘Whisper Leak’ LLM Side-Channel Attack Infers User Prompt Topics ‘Whisper Leak’ LLM Side-Channel Attack Infers User Prompt Topics Security Week News
SonicWall Hunts for Zero-Day Amid Surge in Firewall Exploitation SonicWall Hunts for Zero-Day Amid Surge in Firewall Exploitation Security Week News
User Data Compromised in SoundCloud Hack  User Data Compromised in SoundCloud Hack  Security Week News
Ingram Micro Scrambling to Restore Systems After Ransomware Attack Ingram Micro Scrambling to Restore Systems After Ransomware Attack Security Week News
U.S. Targets Russian Cyber Exploit Network with Sanctions U.S. Targets Russian Cyber Exploit Network with Sanctions Security Week News
James Bishop Appointed Pentagon’s New Cybersecurity Chief James Bishop Appointed Pentagon’s New Cybersecurity Chief Security Week News