[Infowarrior] - Microsoft launches Windows bug bounty program
Richard Forno
rforno at infowarrior.org
Wed Jul 26 14:58:36 CDT 2017
Microsoft launches Windows bug bounty program with rewards ranging from $500 to $250,000
Microsoft today announced the Windows Bounty Program. Rewards start at a minimum of $500 and can go up to as high as $250,000.
To be clear, Microsoft already offers many bug bounty programs. This is also not the first to target Windows features — the company has launched many Windows-specific bounties starting in 2012. The Windows Bounty Program, however, encompasses Windows 10 and even the Windows Insider Preview, the company’s program for testing Windows 10 preview builds. Furthermore, it also has specific focus areas: Hyper-V, Mitigation Bypass, Windows Defender Application Guard, and Microsoft Edge.
Here are the program’s rules (check out Microsoft’s bug bounty FAQ for more):
• Any critical or important class remote code execution, elevation of privilege, or design flaws that compromise a customer’s privacy and security will receive a bounty
• The bounty program is sustained and will continue indefinitely at Microsoft’s discretion
• Bounty payouts will range from $500 USD to $250,000 USD
• If a researcher reports a qualifying vulnerability already found internally by Microsoft, a payment will be made to the first finder at a maximum of 10 percent of the highest amount they could’ve received
• All security bugs are important to us and we request you report all security bugs to secure at microsoft.com via Coordinated Vulnerability Disclosure (CVD) policy
If you’re interested in the maximum quarter-million bounty, your only option is Hyper-V program, although you have multiple operating systems to choose from: Windows 10, Windows Server 2012, Windows Server 2012 R2, and Windows Server Insider Preview. Also of note is the Mitigation Bypass and Bounty program‘s highest reward of $200,000, but there you can solely target Windows 10.
< - >
https://venturebeat.com/2017/07/26/microsoft-launches-windows-bug-bounty-program-with-rewards-ranging-from-500-to-250000/
More information about the Infowarrior
mailing list