Metro App Developers Will Have To Fix Security Flaws In Less Than 180 Days

The Windows Store hit an important milestone earlier this month. More than 100,000 Metro apps are now available on Microsoft’s flagship apps repository, with the number growing by the day.

With this vital milestone under the bag, the technology titan has now rolled out a new security policy for the apps available not just in the Windows Store, but also Windows Phone Store, Office Store and Azure Marketplace.

This new security policy forces developers to patch security flaws in a maximum of 180 days.

As Microsoft explained, this new policy is effective immediately, and the company says that it is specifically designed to help ensure that customers are always safe when using the apps available in any of its online stores:

“This confidence includes trusting that developers will respond appropriately when a security vulnerability is discovered. Microsoft has a long history of working with third-party developers and researchers to resolve security vulnerabilities.”

But that is not all. At the same time, Microsoft has expressed its desire to work together with developers in assisting them to patch vulnerabilities found in their apps:

“Under the policy, developers will have a maximum of 180 days to submit an updated app for security vulnerabilities that are not under active attack and are rated Critical or Important according to the Microsoft Security Response Center rating system.

The updated app must be submitted to the store within 180 days of the first report that reproduces the issue. Microsoft reserves the right to take swift action in all cases, which may include immediate removal of the app from the store, and will exercise its discretion on a case-by-case basis.”

Obviously, 180 days is an ample amount of time — the company, in fact, expects most app vulnerabilities to be patched faster. Nevertheless, it is willing to make a few exceptions here and there in case some developers need more time to deal with the flaws:

“Microsoft may make exceptions, such as when issues affect multiple developers or are architectural in nature, where such action is prohibited by law, or at Microsoft’s discretion.”

Redmond has, in recent times, increased its focus on developers manifold. With several of its platforms offering support for app development, and particularly the upcoming Windows 8.1 operating system with its redesigned Windows Store, this newfound emphasis on security is arriving at the perfect time.

Free Windows 10 Training Videos

More Related Articles

Leave a Reply