Microsoft has tightened the security requirements for apps available on its online stores, while providing plenty of wiggle room to avoid alienating much-needed developers.
The policy introduced Tuesday places the responsibility of fixing vulnerabilities on developers, who face having their apps yanked for non-compliance. The new rules are effective immediately on the Windows Store, Windows Phone Store, Office Store and Azure Marketplace.The requirements are unlikely to scare away the majority of developers. Microsoft is giving them a maximum of 180 days from the time a vulnerability is confirmed to submit an updated app.
The timeline applies to vulnerabilities that are rated critical or important, but are not under attack. The ratings will be based on the system outlined in the Microsoft Security Response Center.
While Microsoft has the right to pull apps from its stores, it is unlikely to do so very often under the generous timeline. To date, no developers have taken that long to fix a security problem, says Microsoft.