Source
msrc-blog
Today Microsoft announced the MAPP program Top Vulnerability Contributors, Top Threat Indicator Submitters, and Top Zero-Day Reporting for the period of July 1, 2018 – June 30, 2019. The Microsoft Active Protections Program provides security and protection to customers through cooperation and collaboration with industry leading partners. While all MAPP partners have made a significant impact on the security ecosystem and are commended for their customer-first approach to security, these top contributors have gone above and beyond our expectations.
Earlier today we announced MSRC’s 2018-2019 Most Valuable Security Researchers at Black Hat. The following 75 researchers hail from all corners of the world and possess varied experience and skills, yet all of them have contributed to securing the Microsoft’s customers and the broader ecosystem. For over a decade, one of Microsoft’s partners in vulnerability research and disclosure has been Trend Micro’s Zero Day Initiative.
Earlier today we announced MSRC’s 2018-2019 Most Valuable Security Researchers at Black Hat. The following 75 researchers hail from all corners of the world and possess varied experience and skills, yet all of them have contributed to securing the Microsoft’s customers and the broader ecosystem. For over a decade, one of Microsoft’s partners in vulnerability research and disclosure has been Trend Micro’s Zero Day Initiative.
Several sources estimate that by the year 2020 some 50 billion IoT devices will be deployed worldwide. IoT devices are purposefully designed to connect to a network and many are simply connected to the internet with little management or oversight. Such devices still must be identifiable, maintained, and monitored by security teams, especially in large complex enterprises.
Azure is exceptionally secure. To help keep it that way, we are doubling the top bounty reward for Azure vulnerabilities to $40,000. But we aren’t stopping there. To make it easier for security researchers to confidently and aggressively test Azure, we are inviting a select group of talented individuals to come and do their worst to emulate criminal hackers in a customer-safe cloud environment called the Azure Security Lab.
Azure is exceptionally secure. To help keep it that way, we are doubling the top bounty reward for Azure vulnerabilities to $40,000. But we aren’t stopping there. To make it easier for security researchers to confidently and aggressively test Azure, we are inviting a select group of talented individuals to come and do their worst to emulate criminal hackers in a customer-safe cloud environment called the Azure Security Lab.
Several sources estimate that by the year 2020 some 50 billion IoT devices will be deployed worldwide. IoT devices are purposefully designed to connect to a network and many are simply connected to the internet with little management or oversight. Such devices still must be identifiable, maintained, and monitored by security teams, especially in large complex enterprises.
Who’s going to be on the Most Valuable Security Researcher list at Black Hat USA 2019? We’re not announcing the names—yet—but this is how we’ll determine who’s there. How do we define the Most Valuable Security Researchers? The list at Black Hat will be the top tier of researchers based on not just the volume of the reports, but also the impact and accuracy of their reports.
Who’s going to be on the Most Valuable Security Researcher list at Black Hat USA 2019? We’re not announcing the names—yet—but this is how we’ll determine who’s there. How do we define the Most Valuable Security Researchers? The list at Black Hat will be the top tier of researchers based on not just the volume of the reports, but also the impact and accuracy of their reports.
We deeply appreciate the partnership of the many talented security researchers who report vulnerabilities to Microsoft through Coordinated Vulnerability Disclosure. We pay bounties for research in key areas, and each year at Black Hat USA, we’ve recognized the most impactful researchers helping to protect the ecosystem. That’s not changing; we’re continuing to expand our bounty programs and will continue to recognize researchers with the greatest impact on the security ecosystem.