Microsoft Bounty Programs

Software companies are always looking for bugs, and many of them offer a bounty to researchers for the issues they uncover. With the launch of Microsoft’s latest operating system, Windows 10, the effort to discover bugs and security flaws has led Microsoft to rely even more on researchers to help uncover issues. Because Windows is a constant priority target for cyberattackers due to the popularity and widespread use of the software, it is important to entice as many researchers as possible to submit vulnerabilities before they become a widespread security issue.

Maximum rewards offered for the Bounty for Defense program have been raised from $50,000 to $100,000. There are also events, like the recent Black Hat, where the bounties are raised to increase participation. You can read more about the bounty program here.

This continued evolution includes a new approach to the Online Services Bug Bounty Program:

  • Authentication vulnerabilities will receive double bounty payouts
    • Microsoft Account (MSA) and Azure Active Directory (AAD) vulnerabilities
    • Bonus period will run from August 5, 2015 – October 5, 2015
    • All payouts during this period will receive twice the normal payout (that means we will pay $30,000 USD for a great Authentication vulnerability!)
  • MSA contest at Black Hat
    • Come show us your 1337 skills and win an Xbox One, Surface 3, or one year of full MSDN access
    • Come visit us at the Microsoft Networking Lounge, August 5-6, in Mandalay Bay to review full rules and to participate
  • RemoteApp
    • RemoteApp lets users run Windows apps hosted in Azure anywhere, and on a variety of devices
    • RemoteApp is being added as a new property of the Online Services Bug Bounty Program and all of the regular terms and payout rules apply