Should You Send Your Pen Test Report to the MSRC?
Should You Send Your Pen Test Report to the MSRC? Every day, the Microsoft Security Response Center (MSRC) receives vulnerability reports from security researchers, technology/industry partners, and customers. We want those reports, because they help us make our products and services more secure. High-quality reports that include proof of concept, details of an attack or demonstration of a vulnerability, and a detailed writeup of the issue are extremely helpful and actionable. If you send these reports to us, thank you! Customers seeking to evaluate and harden their environments may ask penetration testers to probe their deployment and report on the findings. These reports can help that customer find and correct security risk(s) in their deployment. The catch is that the pen test report findings need to be evaluated in the context of that customer’s group policy objects, mitigations, tools, and [ more… ]