Microsoft’s Bounty Program … Improves Its Scope?
Careful Redmond, People Might Expect You To Improve Other Things As Well
Anyone who has dealt with Microsoft’s support services knows that there is nothing one of their reps likes more than finding a piece of third-party software to blame a bug on. If they can do so, they can then close off your case immediately, leaving you to try to navigate a different support team. Amazingly, this tradition is being tossed to the wind, as the Microsoft Bug Bounty program will now pay out “regardless of whether the code was written by Microsoft or a third party.”
The reasoning is that attackers don’t care who created the vulnerability, only that they can infect a Windows device with it. This was announced yesterday at Black Hat Europe and could mean we see a lot more effective patches coming out in the future. Microsoft has paid out over $17 million in bounty awards in the last 12 months to 344 different security researchers. They may see that bill climb; hopefully that doesn’t change Microsoft’s mind about third-party app bug bounties.
Microsoft now pays security researchers for finding critical vulnerabilities in any of its online services, regardless of whether the code was written by Microsoft or a third party.
More Tech News From Around The Web
- Opera Wants You To Pay $20 a Month For Its AI Browser @ Slashdot
- New ConsentFix attack hijacks Microsoft accounts via Azure CLI @ Bleeping Computer
- Ubuntu Will Have Native AMD ROCm AI/ML and HPC Libraries In Next LTS Release @ Slashdot
- Microsoft won’t fix .NET RCE bug affecting slew of enterprise apps, researchers say @ The Register
- UK fines LastPass over 2022 data breach impacting 1.6 million users @ Bleeping Computer
- Xsight Labs X2 Switch Powering SpaceX Starlink V3 in a Milestone Win @ ServeTheHome
- Kindle Scribe Colorsoft brings color e-ink to Amazon’s 11-inch e-reader @ Ars Technica
- 5 Surprising Things I Actually Use My Android Smartphone For @ TweakTown


