The Redmond giant has introduced a dedicated bug bounty program for its Microsoft Defender security solution. Under this program, the tech giant aims to pay up to $20,000 as bounties to the security researchers and bug hunters.
Bug Bounty Program Launched For Microsoft Defender
Microsoft recently announced launching a bug bounty program covering the vulnerabilities of its Defender security platform.
As announced through a recent blog post, Microsoft aims to enhance the tool’s security as it continues identifying security threats across systems. With the new bug bounty program, the tech giant invites the security community to identify and report any potential vulnerabilities in the tool to protect the consumers.
Microsoft’s Bug Bounty programs represent one of the many ways we invest in partnerships with the global security research community to help secure Microsoft customers.
Under the new bug bounty program, the firm asks security researchers and bug hunters to scan and analyze Defender products and services. However, the program won’t seem as broad in scope as it sounds since Microsoft clarifies launching it with a limited scope in the beginning.
Specifically, the program currently focuses on the Microsoft Defender for Endpoint APIs – a known security solution commonly used across different organizations globally.
Regarding the eligibility criteria, the tech giant welcomes new bug reports (not previously known to Microsoft), across Defender products. The vulnerabilities must be reproducible on the latest product versions, and the reports must submit a clear and concise bug report stating the steps to reproduce in writing or video formats.
Moreover, the reported vulnerabilities must meet critical or important severity ratings to qualify under this program. These rewards for these vulnerabilities vary depending upon the report quality and kind of vulnerability.
For instance, the lowest payouts under this program include tampering issues ($500 to $3000); whereas the maximum rewards may go to up to $20,000 for a critical severity remote code execution flaw reported with a high-quality bug report.
Details about this bug bounty program are available on the MSRC’s Defender Bug Bounty Program page.
Let us know your thoughts in the comments.