It’s Official – The Way We Recognize Our Security Researchers

We deeply appreciate the partnership of the many talented security researchers who report vulnerabilities to Microsoft through Coordinated Vulnerability Disclosure. We pay bounties for research in key areas, and each year at Black Hat USA, we’ve recognized the most impactful researchers helping to protect the ecosystem. That’s not changing; we’re continuing to expand our bounty …

It’s Official – The Way We Recognize Our Security Researchers Read More »

Microsoft Announces Top Contributing Partners in the Microsoft Active Protections Program (MAPP)

Today we announce the top organizational candidates for Vulnerability Top Contributors, Threat Indicator Top Submitters, and Zero-Day Top Reporting for the period of July 1, 2018 – June 30, 2019. The Microsoft Active Protections Program provides security and protection to customers through cooperation and collaboration with industry leading partners. This bi-directional sharing program of threat …

Microsoft Announces Top Contributing Partners in the Microsoft Active Protections Program (MAPP) Read More »

Rusty construction shovel

We need a safer systems programming language

In our first post in this series, we discussed the need for proactively addressing memory safety issues. Tools and guidance are demonstrably not preventing this class of vulnerabilities; memory safety issues have represented almost the same proportion of vulnerabilities assigned a CVE for over a decade. We feel that using memory-safe languages will mitigate this …

We need a safer systems programming language Read More »

Announcing the Microsoft Dynamics 365 Bounty program

One of Microsoft’s many security investments to protect customers is in the partnerships we build with the external security research community. We are excited to announce the launch of the Dynamics 365 Bounty program and welcome researchers to seek out and disclose any high impact vulnerabilities they may find in Dynamics 365. Rewards up to …

Announcing the Microsoft Dynamics 365 Bounty program Read More »

Rusty construction shovel

A proactive approach to more secure code

What if we could eliminate an entire class of vulnerabilities before they ever happened? Since 2004, the Microsoft Security Response Centre (MSRC) has triaged every reported Microsoft security vulnerability. From all that triage one astonishing fact sticks out: as Matt Miller discussed in his 2019 presentation at BlueHat IL, the majority of vulnerabilities fixed and …

A proactive approach to more secure code Read More »

July 2019 Security Update Release

We have released the July security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found in the Security Update Guide.

日本セキュリティチーム ブログ移行のお知らせ

日本セキュリティチーム ブログが、新しいプラットフォームに移行してアドレスが変更になりました。旧アドレス (https://blogs.technet.microsoft.com/jpsecurity/) をブラウザのお気に入りに登録や、RSS フィードの登録等で利用されている方は、お手数ですが、新たなアドレス (https://aka.ms/jpsecurity) へ変更をお願いします。

Inside the MSRC – Building your own security incident response process

This is the third and last in a series of posts that looks at how Microsoft responds to elevated threats to customers through the Microsoft Security Response Center’s (MSRC) Software and Services Incident Response Plan (SSIRP). Our previous posts discussed how Microsoft protects customers against elevated threats and the anatomy of a SSIRP incident. In …

Inside the MSRC – Building your own security incident response process Read More »