Microsoft expands bug bounty program

Nichole Vega
July 28, 2017

Interested users can find out more information on the official page and read over the rules of the Windows Bounty Program.

"In the spirit of maintaining a high security bar in Windows, we're launching the Windows Bounty Program on July 26, 2017", wrote the Microsoft Security Response Center team announcing the news in a post on the company's TechNet blog.

Now the company is going a step further with the launch of the Windows Bounty Program, a bug bounty programme which, for the first time, specifically targets all current versions of the Windows operating system, including those in the Windows Insider beta-test programme.

- Any critical or important class remote code execution, elevation of privilege, or design flaws that compromise a customer's privacy and security will receive a bounty.

This means everyone finding such a bug is eligible for a bounty, but the software giant explains that if the bug has already been discovered and reported internally, only 10 per cent of the highest amount the finder could have received will be paid. Moreover, the Windows Bounty Program also has specific focus areas: Hyper-V, Mitigation Bypass and Windows Defender Application Guard, as well as Microsoft Edge.

The program will also include bounties for discovering vulnerabilities in four related "focus areas", including Hyper-V, which will feature a payout range of $5,000 to $250,000. However, the exploit needs to work on the latest release of the Windows Insider Preview slow ring. The Windows Defender Application Guard program rewards only go up to $30,000, while the other two, Microsoft Edge and Windows Insider Preview, max out at $15,000.

It's always better to find and fix a hole before it becomes a massive problem, especially when it comes to security issues.
