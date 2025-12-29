Say your cloud storage service gets hacked. Say the attackers broke in by exploiting a vulnerability in an open-source library your organization used to build the service. Who owns that vulnerability?

Microsoft is trying to clear some of the smog obscuring the software supply chain by expanding its bug bounty program to include some third-party code that affects it services. In this episode of Security Intelligence, panelists Jeff Crume, Nick Bradley and Claire Nuñez discuss what that move means for cybersecurity responsibility models going forward. We also analyze how a three-year-old LastPass breach is still giving cybercriminals new credentials to steal. Turns out “harvest now, decrypt later” isn’t just a quantum concern.