Our security teams work around the clock to help protect every person and organization on the planet from security threats. We also know that security is a team sport, and that’s why we also partner with the global security community through our bug bounty programs to proactively identify and mitigate potential issues before our customers are impacted.| 2024 on Microsoft Security Response Center
Under the principle of Coordinated Vulnerability Disclosure (CVD), researchers disclose newly discovered vulnerabilities or content-related issues in hardware, software, or services directly to the vendors of the affected product; to a national CERT or other coordinator who will report to the vendor privately; or to a private service that will likewise report to the vendor privately. The researcher gives the vendor the opportunity to diagnose the issue and provides fully tested updates, worka...| www.microsoft.com