Microsoft launches Windows Bounty Program to weed out Windows 10 bugs

Image credit: g0d4ather and StockSmartStart / Shutterstock

Microsoft is one of many technology companies to run bounty programs giving people the opportunity to earn a bundle of cash for finding bugs and security issues in software. Now the software giant has launched the Windows Bounty Program, offering rewards of up to $250,000.

Of course, the starting point for rewards is much lower -- just $500, but still better than a kick in the teeth. This new bounty program has four key areas of focus in addition to the Windows Insider program: Microsoft Hyper-V, Mitigation bypass and Bounty for defense, Windows Defender Application Guard, and Microsoft Edge.

The aim of the bounty program is to ensure that areas not previously covered by other such programs are mopped up. It not only gives people the chance to cash in, but also gives Microsoft access to a potentially huge group of testers.

In a blog post announcing the new bounty program, the Microsoft Security Response Center details the targets it has in mind:

Category  Targets  Windows Version  Payout range (USD)
 Focus area  Microsoft Hyper-V  Windows 10, Windows Server 2012, Windows Server 2012 R2, Windows Server Insider Preview  $5,000 to $250,000
 Focus area  Mitigation bypass and Bounty for defense  Windows 10  $500 to $200,000
 Focus area  Windows Defender Application Guard  WIP slow  $500 to $30,000
 Focus area  Microsoft Edge  WIP slow  $500 to $15,000
 Base  Windows Insider Preview  WIP slow  $500 to $15,000

Microsoft also shares the following points about the program:

  • Any critical or important class remote code execution, elevation of privilege, or design flaws that compromise a customer’s privacy and security will receive a bounty
  • The bounty program is sustained and will continue indefinitely at Microsoft’s discretion
  • Bounty payouts will range from $500 USD to $250,000 USD
  • If a researcher reports a qualifying vulnerability already found internally by Microsoft, a payment will be made to the first finder at a maximum of 10% of the highest amount they could’ve received (example: $1,500 for a RCE in Edge, $25,000 for RCE in Hyper-V)
  • All security bugs are important to us and we request you report all security bugs to secure@microsoft.com via Coordinated Vulnerability Disclosure (CVD) policy
  • For the latest information on new Windows features included in the Insider Previews, please visit the Windows 10 Insider Program Blog

More information is available on the Microsoft Bounty Programs page.
