Microsoft is making improvements to its Bounty Program, a project which rewards hackers for spotting vulnerabilities in its Cloud, Windows, and Azure DevOps services. These improvements not only include higher rewards, but also faster payments as well.
For starters, Microsoft will begin paying spotters as soon as the exploit has been successfully reproduced, as opposed to waiting until the fix has been fully implimented. The company has partnered with HackerOne as its bounty payment processing partner, which will deliver bounty payments in many different options depending on the user’s preference, such as PayPal, cryptocurrency, or a traditional bank transfer.
The Microsoft Bounty Program has also awarded more than $2 million since it started in 2018, and the company is taking things further by increasing the maximum rewards. The highest payment for spotting a vulnerability in the Windows Insider program has been increased from $15,000 to $50,000—and a vulnerability spotted in Azure, Office 365, or another online service will reward up to $20,000, up from the $15,000 it was before.
Microsoft is also making changes to its policies, and will now reward the first researcher to discover a vulerability the full bounty, even if it is already known internally by the company. Previously, reports that have already been internally known would have rewarded only 10% of the eligible reward, so it’s clear that it wants to push for more research when it comes to these issues.Further reading: Azure, Bounty Programs, Microsoft, Office 365