In recent years, Microsoft has revamped its Bug Bounty program so that it no longer covers only vulnerabilities in its own code: vulnerabilities in third-party code and open-source systems now come into consideration if they compromise the integrity and security of Microsoft services. This policy shift is said to have considerably changed the underlying tech-cultural agenda.
Under the "In Scope by Default" guideline, any documented, high-impact vulnerability that compromises Microsoft's online services is a potential basis for a reward, regardless of whether the code or software belongs to Microsoft, belongs to a third-party vendor, or is maintained as an open-source application.

What Is Microsoft's Bug Bounty Program?
A bug bounty program is an organized way for hackers or security experts to earn a payment or other benefit as an incentive for finding and reporting security bugs or flaws in applications and systems. Such programs buttress the overall security posture and help companies identify and diligently patch vulnerabilities.
What's New, Then: In Scope by Default?
Under the previous arrangements, bounties were awarded only for a small, select number of products and services; rewards were very rarely given for bug hunting in areas not classed as eligible. Starting now, Microsoft rewards vulnerabilities that affect the security of its services, even if they stem from third-party code or open source.
Rightly so: this brings the practice more in line with reality, as threats today are no longer limited to the code of one particular company. Hackers tend to look for any vulnerability out there that would actually compromise the service.
Third-party: The Real Winner?
In line with the current trend in software development, most applications rely on a lot of libraries, open-source frameworks, and third-party code. A number of these are used by Microsoft's services. Hence, any third-party security flaw that compromises the security of Microsoft's online services or cloud services can be considered for a reward.
The following results are expected:
* Hackers or researchers will be invited to seek vulnerabilities in third-party code.
* The security of the programs developed by Microsoft will be further fortified.
* The open-source community will be able to play its role in enhancing security.
Certainly, Very Exciting for Security Researchers
Under the new scheme, each critical or high-risk vulnerability found to affect the security of a service is eligible for a reward. The amount paid can depend on the severity and impact of the vulnerability. Last year, Microsoft paid more than $17 million (about crores of rupees) to security researchers for its Bug Bounty program.

Conclusion
With its In Scope by Default policy, Microsoft has made the whole Bug Bounty program more inclusive, attractive, and, most importantly, security-oriented. As it stands, vulnerabilities found in third-party code are very instrumental in the bigger state of security, and covering them represents a great achievement in that technological sense. This will bring great prospects for all involved: researchers, developers, and end-users.