14 DAY TRIAL // Microsoft has released a new security policy for the apps available in the Windows Store, Windows Phone Store, Office Store, and Azure Marketplace that forces developers to patch security flaws in a maximum of 180 days.
The new policy is effective immediately, Microsoft explained, and is specifically designed to help ensure that customers are always on the safe side when using apps available in the Store.
“This confidence includes trusting that developers will respond appropriately when a security vulnerability is discovered. Microsoft has a long history of working with third-party developers and researchers to resolve security vulnerabilities,” the tech giant explained.
At the same time, Microsoft has expressed its intention to work together with developers in patching vulnerabilities found in their apps.
“Under the policy, developers will have a maximum of 180 days to submit an updated app for security vulnerabilities that are not under active attack and are rated Critical or Important according to the Microsoft Security Response Center rating system,” the company added.
“The updated app must be submitted to the store within 180 days of the first report that reproduces the issue. Microsoft reserves the right to take swift action in all cases, which may include immediate removal of the app from the store, and will exercise its discretion on a case-by-case basis.”
The company expects most vulnerabilities to be patched faster than 180 days, but it’s willing to make a few exceptions in case some developers need more time to deal with the flaws they find.
“Microsoft may make exceptions, such as when issues affect multiple developers or are architectural in nature, where such action is prohibited by law, or at Microsoft’s discretion,” it said.
At this point, there are more than 100,000 apps in the Windows Store, and Microsoft expects these figures to grow even bigger in the coming months after the public launch of Windows 8.1.