The vendor is acknowledging the expanding attack surface in a world of cloud computing and AI and the growing threat of supply chain attacks.

Security Boulevard is a leading cybersecurity news and information portal, offering articles, analysis, and insights on cybersecurity threats, vulnerabilities, and best practices. From the latest trends in cyber threats to expert commentary on security technologies and compliance frameworks, Security Boulevard provides resources for security professionals, IT leaders, and business executives seeking to protect their organizations from cyber attacks and data breaches.

Security Boulevard

Microsoft announced at Black Hat Europe that it's expanding its bug bounty program to include third-party and open source code through a new "Scope by Default" approach. All Microsoft online services, including third-party integrations, are now automatically eligible for bounty rewards. The expansion addresses growing supply chain security risks, exemplified by recent attacks like React2Shell. Microsoft paid out over $17 million in bounties last year and will likely increase payouts as the program now covers vulnerabilities in any code that impacts its services, regardless of ownership.

Microsoft Expands Its Bug Bounty Program to Include Third-Party Code