Microsoft Now Buys Bugs, with or without a Bounty Program

Microsoft now buys bugs, with or without a bounty program

: Critical vulnerabilities found in third-party applications eligible for award under 'in scope by default' move

Microsoft bounty program now includes any flaw impacting its services

Microsoft now pays security researchers for finding critical vulnerabilities in any of its online services, regardless of whether the code was written by Microsoft or a third party.

Microsoft improves its bug bounty program with "In Scope by Default"

Microsoft is expanding its bug bounty program: all vulnerabilities affecting online services are eligible, including those in third-party and open source code.

Microsoft massively expands the scope of its bounty program

Microsoft is just one of many technology firms that have a bounty program that offers financial rewards for anyone who discovers security flaws in its products and services. The company has just announced a huge expansion of the scheme so it even covers problems found in third party code. Vice President of Engineering at Microsoft Security Response Center, Tom Gallagher, announced the broadened scope at Black Hat Europe. He stressed that “keepin…

Microsoft Expands Bug Bounty With In Scope By Default

Microsoft Corp. has announced a major update to its bug bounty program, extending coverage to include any vulnerability affecting its online services. This new framework, referred to as “In Scope By Default,” is an important shift in how the tech giant approaches coordinated vulnerability disclosure.  Under this updated model, every Microsoft online service is automatically eligible for bounty awards from the moment it launches. Previously, the …

Microsoft's Bounty Program ... Improves It's Scope?

Anyone who has dealt with Microsoft's support services knows that there is nothing one of their reps likes more than finding a piece of third party software to blame a bug on. …