Microsoft promises more bug payouts, with or without a bounty program
theregister.co.uk
Critical vulnerabilities found in third-party applications eligible for award under 'in scope by default' move
Microsoft is overhauling its bug bounty program to reward exploit hunters for finding vulnerabilities across all its products and services, even those without established bounty schemes.
Tom Gallagher, VP of engineering at Microsoft Security Response Center (MSRC), told Black Hat Europe delegates yesterday that the company will adopt what it calls an "in scope by default" approach.
Under the new model, MSRC will pay researchers who report critical vulnerabilities that have a demonstrable impact on Microsoft's online services.
"Regardless of whether the code is owned and managed by Microsoft, a third party, or is open source, we will do whatever it takes to remediate the issue," Gallagher said. "Our goal is to incentivize research on the highest risk areas, especially the areas that threat actors are most likely to exploit."
The same class of ...
Copyright of this story solely belongs to theregister.co.uk.

