Microsoft has launched a new dedicated bug bounty program to encourage security researchers and bug hunters to discover and report vulnerabilities in the latest versions of the Windows operating system and its software.
To be clear, Microsoft already offers many bug bounty programs. This is also not the first to target Windows features: the company has launched many Windows-specific bounties starting in 2012.
“In the spirit of maintaining a high security bar in Windows, we’re launching the Windows Bounty Program on July 26, 2017. This will include all features of the Windows Insider Preview in addition to focus areas in Hyper-V, Mitigation bypass, Windows Defender Application Guard, and Microsoft Edge. We’re also bumping up the pay-out range for the Hyper-V Bounty Program.”
The new Bug Bounty Program includes Windows 10 and the Windows Insider Preview. It also includes Hyper-V, Mitigation Bypass, Windows Defender Application Guard, and Microsoft Edge.
“Any critical or important class remote code execution, elevation of privilege, or design flaws that compromise a customer’s privacy and security will receive a bounty”
“Bounty payouts will range from $500 USD to $250,000 USD”
“If a researcher reports a qualifying vulnerability already found internally by Microsoft, a payment will be made to the first finder at a maximum of 10% of the highest amount they could’ve received (example: $1,500 for a RCE in Edge, $25,000 for RCE in Hyper-V)”