Earlier this year, I’ve reported 7 XSS flaws on different pages of the Dutch MSN Entertainment site to the Microsoft Security Response Center (MSRC case #14103cl) and immediately received a response – not as fast as HP did previously on my HP IMC flaw – but still very fast ;-).

ia-50

In contrast to Google or Facebook, Microsoft does not provide any kind of bugbounty program – they’d probably lose too much money with such a program 😀 – just joking!

Instead of this, they provide something which is called “Security Researcher Acknowledgments for Microsoft Online Services” on a monthly basis, where they add security researchers who have responsible disclosed valuable and not-yet-found-and-reported flaws in their online services. Btw: Unfortunately, one of my reported flaws has not been credited by Microsoft, since it’s been previously disclosed by someone else. Anyways, great to read my name on the May 2013 list – fits perfectly on my cv 🙂

msrc

Microsoft Fixes 7 XSS Flaws on MSN
Tagged on:         

One thought on “Microsoft Fixes 7 XSS Flaws on MSN

  • June 8, 2013 at 1:56 pm
    Permalink

    Hey, wenn das dein erster Eintrag dort ist: Herzlichen Glückwunsch! 🙂

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.