In a time where ransomware and cyber attacks are ever so more common, technology giants need to take additional steps to help secure their software and products. Indeed, in the spirit of helping “maintain a high-security bar in Windows,” Microsoft today announced the launch of the Windows Bounty Program.
The program covers four different categories and gives good acting hackers, and researchers monetary payouts ranging from $500 to up to $250,000 for successfully reporting exploits found in various Windows features. More specifically, the program covers all features of the Windows Insider Preview, focus areas in Hyper-V, Mitigation bypass, Windows Defender Application Guard, and Microsoft Edge. You can learn more about the program by reading below:
- Any critical or important class remote code execution, elevation of privilege, or design flaws that compromises a customer’s privacy and security will receive a bounty
- The bounty program is sustained and will continue indefinitely at Microsoft’s discretion
Bounty payouts will range from $500 USD to $250,000 USD
- If a researcher reports a qualifying vulnerability already found internally by Microsoft, a payment will be made to the first finder at a maximum of 10% of the highest amount they could’ve received (example: $1,500 for a RCE in Edge, $25,000 for RCE in Hyper-V)
- All security bugs are important to us and we request you report all security bugs to [email protected] via Coordinated Vulnerability Disclosure (CVD) policy
Microsoft already has bounty programs in place for Office Insider builds on Windows 10, and Microsoft Edge. The company believes firmly in these types of programs and with security always changing, is saying “we trust that it serves to enhance our security capabilities.” You can learn more Microsoft’s Bounty Programs by clicking here.Further reading: Bounty, Bug Bounty, Microsoft, Windows 10