Good news, security researchers! Microsoft has made a number of changes to its bug bounty program that could mean a lot more cash in your pocket for a successful submission. Here’s everything you need to know.
For starters, Microsoft is raising the maximum Bounty for Defense reward from $50,000 to $100,000. Bounty for Defense submissions are described as defensive ideas that accompany a qualifying Mitigation Bypass submission.
Furthermore, from now through October 5, Microsoft is offering a bonus for Authentication vulnerabilities in the Online Services Bug Bounty. Payouts during this period will be twice the normal amount meaning researchers can, for example, earn up to $30,000 for an Authentication vulnerability submission.
Last but not least, Microsoft has added RemoteApp to the list of domains covered in the Online Services Bug Bounty. RemoteApp allows users to run Windows apps hosted in Azure anywhere and on a number of different devices.
Outside of its own walls, independent security researchers are Microsoft’s best ally in the never-ending quest of finding and patching security vulnerabilities. The increased bounty rewards no doubt correlate with the recent launch of Windows 10. With its new baby out in the wild, Microsoft wants to find and patch vulnerabilities as quickly as possible before bad actors exploit them for personal gain.
Those interested in learning more about Microsoft's expanded bug bounty program are encouraged to visit the Security TechCenter.