Category: <span>Uncategorized</span>

Microsoft Identity Bounty Improvements

Microsoft is continually improving our existing bounty programs. Today we’re happy to share the latest updates to the Microsoft Identity Bounty. Originally launched in July 2018, the Microsoft Identity bounty program has helped build a partnership with the security research community to improve the security of customer and enterprise identity solutions across Azure, Windows, and OpenID standards.

Introducing the ElectionGuard Bounty program

Today we are launching the [ElectionGuard Bounty program](«http://www.microsoft.com/msrc/bounty-electionguard> >).
In May 2019, we announced the release of ElectionGuard, a free open-source SDK to make voting more secure, transparent, and accessible. ElectionGuard enables end-to-end verification of elections, open results to third-party organizations for secure validation, and allows individual voters to confirm their votes were correctly counted.

Announcing the Security Researcher Quarterly Leaderboard

Right before Black Hat USA 2019, we announced our new researcher recognition program, and at Black Hat we announced the top researchers from the previous twelve months. Since it’s easier to track your progress with regular updates than with just an annual report, we are excited to

An intern's experience with Rust

Over the course of my internship at the Microsoft Security Response Center (MSRC), I worked on the safe systems programming languages (SSPL) team to promote safer languages for systems programming where runtime overhead is important, as outlined in this blog. My job was to port a security critical network processing agent into Rust to eliminate the memory safety bugs that had plagued it.

Designing a COM library for Rust

I interned with Microsoft as a Software Engineering Intern in the MSRC UK team in Cheltenham this past summer. I worked in the Safe Systems Programming Language (SSPL) group, which explores safe programming languages as a proactive measure against memory-safety related vulnerabilities.
This blog post describes the project that I have been working on under the mentorship of the SSPL team.

October 2019 security updates are available!

We have released the October security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates.
More information about this month’s security updates can be found in the Security Update Guide.
As a reminder, Windows 7 and Windows Server 2008 R2 will be out of extended support and no longer receiving updates as of January 14, 2020.

Building the Azure IoT Edge Security Daemon in Rust

Azure IoT Edge is an open source, cross platform software project from the Azure IoT team at Microsoft that seeks to solve the problem of managing distribution of compute to the edge of your on-premise network from the cloud. This post explains some of the rationale behind our choice of Rust as the implementation programming language for the Security Daemon component in the product.

MSRC is going to ROOTCON!

The Microsoft Security Response Center (MSRC) works with partners all over the world to protect Microsoft customers. This week we’re headed to the Philippines to meet security researchers and bounty hunters at ROOTCON 13!
Planning on attending ROOTCON? If you want to learn more about how you can earn rewards for reporting vulnerabilities to Microsoft bounty programs, you have two ways to connect with us there: