
Pen. Testing Microsoft

First published: 30th April 2008

Microsoft security strategist Katie Moussouris told delegates at the ToorCon security conference in Seattle that Microsoft will not sue or press charges against ethical hackers who responsibly find security flaws in its online services. This has been reported as the first time a major company has made such a pledge. However, Microsoft's manager for security response communication, Bill Sisk, later claimed this was not a change in position: "Microsoft did not announce anything new at ToorCon Seattle regarding its position on responsible disclosure, but we did mention our industry leading online services acknowledgment, which went public in July of 2007. Because we will not pursue legal action against researchers who report vulnerabilities to us responsibly, we hope to encourage those who want to help us protect customers to feel free to do so without fear of repercussions."

Regardless of whether this was the first announcement of the policy, this is the first time the policy has attracted media attention. Cautious white hats will want to check the details of the policy before launching their attacks. The cynical might speculate as to why Microsoft has no budget for professional penetration testing.

