Careful Redmond, People Might Expect You To Improve Other Things As Well
Anyone who has dealt with Microsoft’s support services knows that there is nothing one of their reps likes more than finding a piece of third-party software to blame a bug on. If they can do so, they can then close off your case immediately, leaving you to try to navigate a different support team. Amazingly, this tradition is being tossed to the wind, as the Microsoft Bug Bounty program will now pay out “regardless of whether the code was written by Microsoft or a third party.”
The reasoning is that attackers don’t care who created the vulnerability, only that they can infect a Windows device with it. This was announced yesterday at Black Hat Europe and could mean we see a lot more effective patches coming out in the future. Microsoft have paid out over $17 million in bounty awards in the last 12 months to 344 different security researchers. They may see that bill climb; hopefully that doesn’t change Microsoft’s mind about third-party app bug bounties.

