Microsoft is broadening its bug bounty programs to include incentives even for those without official payouts. The company has introduced a new 'In Scope by Default' approach to encourage security research.
Microsoft announced an expansion of its bug bounty initiatives, aiming to incentivize security researchers across a wider range of programs. The key feature is the 'In Scope by Default' policy, which applies bug bounty rewards to projects that previously lacked formal payout structures.
This move is designed to foster greater participation in identifying vulnerabilities within Microsoft's ecosystem. By defaulting programs to be in scope for bounties, the company seeks to streamline the process for researchers submitting findings.
The announcement highlights Microsoft's ongoing commitment to cybersecurity, building on existing bounty programs that reward valid vulnerability reports. Details on specific payout amounts or eligible programs were not immediately available in the initial disclosure.
This development comes at a time when software security remains a critical priority for tech giants, potentially setting a precedent for similar incentives in the industry.