
"Security has been a painful issue for Microsoft on several occasions in recent years. However, the tech giant is now drastically expanding its bug bounty program. All critical vulnerabilities affecting online services will now be eligible for rewards, regardless of whether they involve proprietary code, third-party software, or open source. The approach, summarized under the term "In Scope by Default," suggests a positive shift in Microsoft's security posture."
"This is a positive message from Microsoft, which itself seemed to have downplayed the priority of security within its own software. Wake-up calls came in the form of compromises by the Russians and Chinese, while the US Cyber Safety Review Board delivered a damning assessment of Microsoft's security practices. Such attacks should now be a thing of the past, at least compromises for which Microsoft is largely to blame."
Microsoft is drastically expanding its bug bounty program so that all critical vulnerabilities affecting online services become eligible for rewards. Eligibility now includes flaws in proprietary code, third-party software, and open-source components. The policy is framed as 'In Scope by Default' to broaden protection across the company's online offerings. The change aims to address prior security shortcomings highlighted by high-profile compromises and external reviews. The expanded scope removes historic product-specific scope restrictions; any critical vulnerability with a direct, demonstrable impact on online services qualifies for payment. The broader program intends to strengthen cloud and application security and encourage wider community engagement in vulnerability reporting.
Read at Techzine Global