Microsoft has finally launched a new dedicated bug bounty program to encourage security researchers and bug hunters for finding and responsibly reporting vulnerabilities in its latest Windows versions of operating systems and software.
Being the favourite target of hackers and cyber criminals, every single zero-day vulnerability in Windows OS—from critical remote code execution, mitigation bypass and elevation of privilege to design flaws—could cause a crisis like recent WannaCry and Petya Ransomware attacks.
In past five years the tech giant has launched multiple time-limited bug bounty programs focused on various Windows features, and after seeing quite a bit of success, Microsoft has decided to continue.
“Security is always changing, and we prioritise different types of vulnerabilities at different points in time. Microsoft strongly believes in the value of the bug bounties, and we trust that it serves to enhance our security capabilities.”
With its latest bug bounty program, Microsoft is offering up to $250,000 in rewards to cybersecurity researchers and bug hunters who find vulnerabilities in the company’s software, which mainly focuses on:
- Windows 10, Windows Server 2012 and Insider Previews
- Microsoft Hyper-V
- Mitigation Bypass Techniques
- Windows Defender Application Guard
- Microsoft Edge Browser
Below is the chart showing details of the targets, main focus areas and the respective payouts:
“In the spirit of maintaining a high-security bar in Windows, we’re launching the Windows Bounty Program on July 26, 2017,” Microsoft says in a blog post. “The bounty program is sustained and will continue indefinitely at Microsoft’s discretion.“
Recently, the non-profit group behind Tor Project joined hands with HackerOne and launched a bug bounty program with the payout of up to $4,000 to researchers and bug hunters for finding and reporting flaws that could compromise the anonymity network.
For more granular details about Microsoft’s Bug Bounty Program, you can check out the program on the TechNet site.