Microsoft Security Vulnerability Research (MSVR)
MSVR is a program specifically designed to help improve the security ecosystem as a whole through the sharing of knowledge and best practices.
- Internal Microsoft engineers: In the course of their regular work, engineers find potential vulnerabilities in third-party software. These vulnerabilities are reported to the MSVR team, which then works with the affected vendor to fix the issue.
- External reports to the Microsoft Security Response Center (MSRC): On occasion an external researcher will report an issue that they believe affects a Microsoft product but that either affects a third-party product of affects both the Microsoft product and external parties. These issues are coordinated by MSVR.
- Internal research projects: As time and resources permit, Microsoft performs its own vulnerability analysis and research on products that run on Microsoft operating systems, but that are not developed by Microsoft. Any issues are reported to the affected vendor under accepted Coordinated Vulnerability Disclosure practices.