Bottom line: Microsoft’s latest Patch Tuesday includes fixes for more than 100 vulnerabilities, ten of which are critical remote code execution flaws. The company wants to get ahead of cybercriminals by encouraging security researchers with bigger rewards for every high-impact flaw they can find in its Microsoft 365 products.
If there’s one thing the security community has been complaining about for years, it’s that most companies pay little or nothing for vulnerability discoveries and even go as far as silently patching their software without giving credit to the people who reported the issues. The problem is severe enough that some security researchers have been exploring the idea of selling their work to zero-day brokers and other third parties to make ends meet.
On the upside, companies have been gradually increasing bug bounty payments lately, presumably motivated by a surge in cyberattacks and malware campaigns.
Microsoft recently announced that it would add scenario-based bounty awards to the Dynamics 365 and Power Platform Bounty Program and M365 Bounty Program.
The Redmond giant hopes to encourage security experts to focus their work on vulnerabilities that could have the greatest potential impact on customers’ privacy. To that end, it will also increase the maximum payouts by up to 30 percent or $26,000, depending on the scenario and the severity of the bug.
For instance, finding a vulnerability that allows remote code execution through untrusted input qualifies for a 30 percent bonus on top of the standard M365 bounty award.
The company says higher awards are also possible “at Microsoft’s sole discretion, based on the severity and impact of the vulnerability and the quality of the submission.”
This move follows a similar one from last year that saw the Azure Bounty Program increase the maximum payout to $60,000 for high severity cloud vulnerabilities. Other companies like GitLab, Google, and Atlassian have all raised their top payouts for critical bug discoveries by as much as 50 percent.
Earlier this year, Intel also expanded its bug bounty program for researchers probing the security of firmware, hypervisors, GPUs, and more.