MS – 보안 대응 센터

Join Microsoft Security Response at the Product Security Operations forum at LocoMocoSec! The MSRC is more than managing vulnerability reports, publishing Microsoft security updates, and defending the cloud. The MSRC is passionate about helping everyone improve internal engineering practices and supporting the defender community, and are excited to partner with Blackberry to host a Product Security Operations Forum at LocoMocoSec on April 18, 2019. Featuring exceptional speakers from across the industry, the Product Security Operations Forum will share what industry practitioners have learned about problems (and solutions!) of secure development and managing vulnerability response. We’ll have hands-on practitioners from, npm, Adobe, Microsoft, GitHub, and elsewhere discussing the operational programs and processes they are using to tackle real-world challenges. Since no single person has all the answers, we also hope that everyone attending will take advantage of the event format to [ more… ]

Call for Papers | Microsoft BlueHat Shanghai 2019 The Microsoft Security Response Center (MSRC) recently announced our first BlueHat security conference in Shanghai which will take place on May 29-30, 2019. After 15 years of BlueHat events in Redmond, Washington and Israel, we are thrilled to expand to a new location. We work with many talented security researchers throughout the Asia Pacific region to protect our shared online ecosystem, and we can’t wait to connect with them in person at BlueHat! BlueHat Shanghai will provide a fun, accessible venue for security researchers to come together and share innovative cybersecurity research and ideas. If you are a security researcherer or a security engineer, come join us! We are accepting CFP submissions through March 31, 2019. To submit a talk, please review the CFP information and complete the form via https://aka.ms/bhcfp. Topics [ more… ]

Practical advice for earning higher Microsoft bounty awards This year at the Nullcon International Security Conference I shared practical advice for how security researchers can maximize the impact of their security vulnerability submissions and earn higher bounty awards under the Microsoft Bounty Program. For those who couldn’t be there, I had two core pieces of advice. First, focus vulnerability research on the products and services that are eligible for bounty rewards. The eligible scope is published on our website. We expand our programs throughout the year, so check back regularly for new potential areas to research and follow us on Twitter for announcements of new bounty programs. Second, when reporting security vulnerabilities, provide clear, concise information to help our engineering teams reproduce the vulnerability for themselves. Detailed and well written instructions, or even short videos can more than double the possible [ more… ]

March 2019 Security Update Release Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. Source: March 2019 Security Update Release

February 2019 Security Update Release Today, we released security updates to provide additional protections against malicious attackers. As a best practice, we encourage customers to turn on automatic updates. More information about this month’s security updates can be found on the Security Update Guide. Source: February 2019 Security Update Release