
Microsoft expands its bug bounty program, increases payouts

How do you keep enterprising hackers from unloading exploits into the wild? Microsoft has been paying bounties to researchers who find and disclose security issues for a while. Now, it's expanded the program. At Black Hat, the company announced that it will double the size of payments it makes in its Bounty for Defense program, and it'll also be expanding the Online Services Bug Bounty to new areas of eligibility.

Let's say an exploit has been discovered in the wild, and Microsoft has mitigated (or patched) that exploit. If you can get around that mitigation, you have a submission for the company's Mitigation Bypass program, which could net you up to $100,000. Ideas for defending against further hacking efforts are eligible for the Bounty for Defense program, which has its own $100,000 maximum payout. Submissions that offer both a mitigation bypass and a defensive idea would receive both bounties. These bounties are only good for attacks on the latest version of Windows, so those of you interested in submitting your brilliant ideas need to cover Windows 10. 

The Online Service Bug Bounties program has been expanded to include Azure Active Directory and the Microsoft Account service, in addition to Office 365 and the other Azure services that were previously eligible. The bounty for online service bugs has also been raised temporarily, from its normal $500-$15,000 to a maximum payout of $30,000 until October 5. You better get—ehrm—cracking. 

0 responses to “Microsoft expands its bug bounty program, increases payouts”

  1. Well I guess Microsoft can afford to increase rewards seeing as how according to Bernie Sanders, they’ve saved 19.4 billion through tax avoidance.

  2. I had programming assignments back in college. I wrote enough spaghetti to open an Italian restaurant, but it was so buggy that I got shut back down by the health department.

    I ended up staying with engineering after that experience. Programming is a land I like to visit once in a while. I could never stay there.

  3. Why thank you for your kind reply. To elaborate on the “Something happened” bug, here are the full details of the error:

    Something happened

    Something happened

    I hope this additional information clarifies things. Sincerely, WinTenless user.

  4. I hear that if you can identify those problems, Microsoft will reward you with another free copy of Windows 10.

  5. “Dear Sir:

    “Thanks for your submission. If you can be more specific, we will be glad to consider your entry.

    “Sincerely, Microsoft Support.”

  6. Captain Ned

    The man, the myth, the legend.

    and if you guys could pretend I posted this in the bbq news post that’d be great. /lumbergh

  7. Not sure how much it’s changed in the last three years, but Forbes did an article (http://www.forbes.com/sites/andygreenberg/2012/03/23/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits/) on black market prices for these exploits.

  8. I’m confuzzled–how does this work when MSFT explains that many of its bugs are features? Will you get a bounty if you point out all the problems with the Windows 8-10 Start menu?

Ben Funk

Sega nerd and guitar lover