Behind the Scenes and Best Practices for Submitting to MSRC with Jim Hull

Jim Hull, Program Manager at MSRC joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast to share insights into his role in reviewing vulnerability reports and managing cases. They dive into the submission process, detailing the types of reports accepted by MSRC and what happens after a researcher submits a potential vulnerability. The conversation also highlights the accessibility of the portal for anyone interested in identifying security issues, whether they are professionals or hobbyists. Jim explains the importance of providing clear proof of concept when submitting a vulnerability and walks through the steps MSRC takes to triage, reproduce, and resolve reports. 

In This Episode You Will Learn:    

• Why a detailed proof of concept is essential when submitting a vulnerability 
• How the MSRC collaborates with engineers at Microsoft to resolve vulnerabilities 
• The importance of including video or image documentation to support reports 

Some Questions We Ask:     

• What is the vulnerability triage process at MSRC? 
• How long does it take to fix a vulnerability after it’s been reported? 
• Why is it important to use the researcher portal instead of email or social media? 

Resources:  

Microsoft Security Response Center  

View Wendy Zenone on LinkedIn  

View Nic Fillingham on LinkedIn 

Related Microsoft Podcasts:  

• Microsoft Threat Intelligence Podcast  
• Afternoon Cyber Tea with Ann Johnson  
• Uncovering Hidden Risks  

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

The BlueHat Podcast is produced by Microsoft and distributed as part of N2K media network.