Microsoft launches Windows Bounty Program to weed out Windows 10 bugs
Microsoft is one of many technology companies to run bounty programs giving people the opportunity to earn a bundle of cash for finding bugs and security issues with software. Now the software giant has launched the Windows Bounty Program, offering rewards of up to $250,000.
Of course, the starting point for rewards is much lower -- just $500, but still better than a kick in the teeth. This new bounty program has four key areas of focus in addition to the Windows Insider program: Microsoft Hyper-V, Mitigation bypass and Bounty for defense, Windows Defender Application Guard, and Microsoft Edge.
The aim with the bounty program is to ensure that areas not previously covered by other such programs are mopped up. It not only gives people the chance to cash in, but gives Microsoft access to a potentially huge group of testers.
In a blog post announcing the new bounty program, the Microsoft Security Response Center details the targets it has in mind:
| Category | Targets | Windows Version | Payout range (USD) |
|---|---|---|---|
| Focus area | Microsoft Hyper-V | Windows 10, Windows Server 2012, Windows Server 2012 R2, Windows Server Insider Preview | $5,000 to $250,000 |
| Focus area | Mitigation bypass and Bounty for defense | Windows 10 | $500 to $200,000 |
| Focus area | Windows Defender Application Guard | WIP slow | $500 to $30,000 |
| Focus area | Microsoft Edge | WIP slow | $500 to $15,000 |
| Base | Windows Insider Preview | WIP slow | $500 to $15,000 |
Microsoft also shares the following points about the program:
- Any critical or important class remote code execution, elevation of privilege, or design flaws that compromise a customer’s privacy and security will receive a bounty
- The bounty program is sustained and will continue indefinitely at Microsoft’s discretion
- Bounty payouts will range from $500 USD to $250,000 USD
- If a researcher reports a qualifying vulnerability already found internally by Microsoft, a payment will be made to the first finder at a maximum of 10% of the highest amount they could’ve received (example: $1,500 for an RCE in Edge, $25,000 for RCE in Hyper-V)
- All security bugs are important to us and we request you report all security bugs to firstname.lastname@example.org via Coordinated Vulnerability Disclosure (CVD) policy
- For the latest information on new Windows features included in the Insider Previews, please visit the Windows 10 Insider Program Blog
More information is available on the Microsoft Bounty Programs page.