Microsoft has reportedly expanded its Bug Bounty program, a move that could significantly change how the company addresses security vulnerabilities. Historically, Microsoft support has often attributed bugs to third-party software, frequently leading to cases being closed without a resolution. This practice, however, is now being reconsidered.
The Microsoft Bug Bounty program will now offer payouts for flaws impacting its services regardless of whether the code was written by Microsoft or a third party. This policy shift was announced at Black Hat Europe, recognizing that cyber attackers do not differentiate between first-party and third-party code when exploiting vulnerabilities to compromise Windows devices.
Careful Redmond, People Might Expect You To Improve Other Things As Well
This expanded scope is expected to lead to more effective security patches. Microsoft has already awarded over $17 million to 344 security researchers in the last 12 months. While this new inclusion of third-party application bugs may increase the program’s costs, it highlights a commitment to comprehensive security for users of Microsoft services.
