Microsoft and Google increase bug bounty payouts

money-bag

Keen as ever to squash any security issues and bugs that might arise in their software, both Microsoft and Google have announced increases in their bug bounty program payouts. Microsoft has doubled some awards, while Google has used others to make knowing jokes.

Two increased rewards from Google include "leet" references. Find a Remote Code Execution bug and you could bag yourself $31,337 (up from $20,000); execute "Unrestricted file system or database access" and you could earn $13,337 (up from $10,000). While Google's increases are permanent, however, Microsoft's are just temporary.

Microsoft is doubling Office 365-related big bounty rewards for two months. This means that the maximum payout jumps from $15,000 to $30,000, but you only have from now until 1 May to take advantage of the increase. Writing about the decision to offer more money to bug hunters, Microsoft says:

Keeping in line with our philosophy of protecting users and awarding researchers, we are pleased to announce an update to our Online Services bounty program. We will be giving out double rewards for security vulnerabilities from March 1, 2017 to May 1, 2017 for eligible vulnerabilities submitted in Exchange Online and Office 365 Admin Portal.

These properties are core web applications in the Office 365 suite.  Securing Exchange Online, Microsoft’s hosted enterprise e-mail solution, is vital to customer security as it is the gateway to accessing critical user information such as email, calendars, contacts and tasks for any endpoint device. Office 365 admin portal is the web management interface for managing tenant access. This portal is an important piece in protecting tenants and tenant admins from compromise.

A handful of domains are covered by the bounty doubling:

  • portal.office.com
  • outlook.office365.com
  • outlook.office.com
  • outlook.live.com
  • *.outlook.com

You can read the full details in Microsoft's post on the MSRC blog.

Details of Google's bounty programs can be found over on its VRP site.

Image credit: Africa Studio / Shutterstock

Comments are closed.

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.