Microsoft has announced a significant expansion of its bug bounty program scope, introducing the 'In Scope By Default' model. From now on, all Microsoft online services will automatically be included in the reward program as soon as they go live, eliminating the need for separate product definitions. Researchers can now directly report and receive rewards for vulnerabilities affecting Microsoft cloud infrastructure. In particular, the change covers vulnerabilities in third-party libraries, dependencies, and open-source components. Any impact on Microsoft cloud infrastructure is now within the scope of the program.
According to Microsoft, this move aims to reduce researcher confusion, accelerate vulnerability reporting and fixing, and ensure that all real risks affecting customers are covered. The security industry has generally welcomed this move, predicting that Microsoft will pay out more rewards in the short term but that the change will ultimately lead to enhanced overall security.
Source: [SiliconANGLE](https://siliconangle.com/2025/12/11/microsoft-broadens-bug-bounty-scope-include-vulnerability-impacting-services/)