Microsoft Bug Bounty Program Expanded to Third-Party Code

Microsoft Bug Bounty Program Expanded to Third-Party Code

Posted on By CWS

Microsoft on Thursday introduced an enormous growth to its bug bounty program, which now additionally covers third-party and open supply code.

So long as a essential vulnerability impacts Microsoft’s providers, the researcher who finds and stories it’s eligible for a bug bounty reward.

“If a essential vulnerability has a direct and demonstrable impression to our on-line providers, it’s eligible for a bounty award. No matter whether or not the code is owned and managed by Microsoft, a third-party, or is open supply, we’ll do no matter it takes to remediate the problem,” Microsoft VP Tom Gallagher says.

Microsoft explains that this ‘In Scope by Default’ method aligns with hackers’ view of the assault floor: all safety defects matter.

“In an AI and cloud-first world, menace actors don’t restrict themselves to particular services or products. They don’t care who owns the code they attempt to exploit,” Gallagher notes.

In brief, safety researchers on the lookout for weaknesses in areas of excessive curiosity to menace actors are welcome to submit vulnerability stories by means of the Microsoft bug bounty program.

“If Microsoft’s on-line providers are impacted by vulnerabilities in third-party code – together with open supply, we need to know. If no bounty award previously exists to reward this important work, we’ll supply one. This closes the hole for safety analysis and raises the safety bar for everybody who depends on this code,” Gallagher says.

The replace has taken impact instantly, and Microsoft’s bug bounty program now contains all on-line providers by default. New providers are thought-about in scope as quickly as they’re launched.Commercial. Scroll to proceed studying.

The expanded Microsoft bug bounty program is the newest change the corporate has made as a part of the Safe Future Initiative it introduced in 2023, and follows the naming of two new Working CISOs this week.

Associated: CISO Conversations: Are Microsoft’s Deputy CISOs a Signpost to the Future?

Associated: Microsoft Gives $5 Million at Zero Day Quest Hacking Contest

Associated: Microsoft Patches 57 Vulnerabilities, Three Zero-Days

Associated: Microsoft Unveils Safety Enhancements for Id, Protection, Compliance

Security Week News Tags:, , , , , ,

Related Posts

Poland Sees Spike in Cyberattacks Targeting Energy Sector Poland Sees Spike in Cyberattacks Targeting Energy Sector Security Week News
DDoS Attacks Blocked by Cloudflare in 2025 Already Surpass 2024 Total  DDoS Attacks Blocked by Cloudflare in 2025 Already Surpass 2024 Total  Security Week News
Hacktivist Surge Amid US-Israel Strikes on Iran Hacktivist Surge Amid US-Israel Strikes on Iran Security Week News
Russian Hackers Bypass Gmail MFA with App Specific Password Ruse Russian Hackers Bypass Gmail MFA with App Specific Password Ruse Security Week News
In Other News: WhatsApp Passkey-Encrypted Backups, Russia Targets Meduza Malware, New Mastercard Solution In Other News: WhatsApp Passkey-Encrypted Backups, Russia Targets Meduza Malware, New Mastercard Solution Security Week News
Critical Linux Flaw ‘Pack2TheRoot’ Grants Root Access Critical Linux Flaw ‘Pack2TheRoot’ Grants Root Access Security Week News