Microsoft launches new Windows bug bounty programme

Lynne Hanson
July 28, 2017

Payouts for discovering Windows Insider Preview bugs will range from $500 to $15,000.

That is now a possibility with Microsoft making Windows 10 a permanent part of its bug bounty program and increasing monetary rewards. "Microsoft strongly believes in the value of the bug bounties, and we trust that it serves to enhance our security capabilities". Microsoft is also focusing on Mitigation Bypass and Microsoft Edge, and participants who identify a bug are eligible for $100,000 and $15,000, respectively. The previous maximum Hyper-V payout was $150,000. Rewards start at a minimum of $500 and can go as high as $250,000.

Many of these bounty programs were time-limited, covering software during its beta/development period but ending once it was released.

It's always better to find and fix a hole before it becomes a massive problem, especially when it comes to security issues.

Following that initial programme, Microsoft has been slowly extending its bounty offerings: in 2014 its Bounty Hunter programme reached £182,860 in payouts, with a major chunk going to researcher Yang Yu; in 2015 it added Project Spartan, now known as Microsoft Edge, to the programme; and earlier this year it boosted the maximum payouts available for selected software under the programme. Other points of focus include Mitigation Bypass (things that break Microsoft's security sandboxing) and Bounty for Defense, Windows Defender Application Guard, Microsoft Edge and, most notably, Windows Insider Preview, the company's early access program for Windows 10 builds. Such programs make it easier for tech companies to look for security flaws before they wreak havoc in one way or another. Rewarding security researchers with bounties costs less than paying for a serious security mix-up.
