The Redmond-headquartered technology giant Microsoft on Tuesday, July 25, launched the Windows Bounty Program, with rewards that start at a minimum of $500 and can go as high as $250,000.
To be clear, Microsoft already offers many bug bounty programs. It is worth noting that this is not the first bounty program to target Windows features, as the software giant has launched many Windows-specific bounties starting way back in 2012.
The Windows Bounty Program, however, focuses on Windows 10 and even the Windows Insider Preview, the firm’s beta program for testing Windows 10 preview builds. Moreover, the Windows Bounty Program also has specific focus areas: Hyper-V, Mitigation Bypass and Windows Defender Application Guard, as well as Microsoft Edge.
Here are the Microsoft Windows Bounty Program’s rules:
— Any critical or important class remote code execution, elevation of privilege, or design flaws that compromise a customer’s privacy and security will receive a bounty.
— The bounty program is sustained and will continue indefinitely at Microsoft’s discretion.
— Bounty payouts will range from $500 USD to $250,000 USD.
— If a researcher reports a qualifying vulnerability already found internally by Microsoft, a payment will be made to the first finder at a maximum of 10 percent of the highest amount they could’ve received.
— All security bugs are important to us and we request you report all security bugs to email@example.com via Coordinated Vulnerability Disclosure (CVD) policy.
If you’re interested in the maximum quarter-million bounty rewards, your only option is the Hyper-V program, although you have multiple Microsoft operating systems to choose from: Windows 10, Windows Server 2012, Windows Server 2012 R2, and Windows Server Insider Preview.
The Mitigation Bypass and Bounty program’s highest reward is $200,000, but there you can target only Windows 10. The Windows Defender Application Guard program’s rewards only go up to $30,000, while the other two, Microsoft Edge and Windows Insider Preview, max out at $15,000. These three require using the Windows Insider slow ring.
Social media king Facebook, search engine goddess Google, and software titan Microsoft offer multiple bug bounty programs, but smaller tech firms also increasingly have at least one: averting the next security disaster is priceless.
It’s always better to find and fix a hole before it becomes a massive problem, especially when it comes to security issues. Rewarding security researchers with bounties costs less than paying for a serious security mix-up.