Microsoft Announces the Windows Bounty Program

Posted on July 26, 2017 by Paul Thurrott in Windows 10 with 6 Comments

Microsoft today announced a bug bounty program for Windows 10 that will include payouts of up to $250,000.

“The Windows Bounty Program will include all features of the Windows Insider Preview in addition to focus areas in Hyper-V, Mitigation bypass, Windows Defender Application Guard, and Microsoft Edge,” the Microsoft Security Research Center team writes. “We’re also bumping up the pay-out range for the Hyper-V Bounty Program.”

The Windows Bounty Program is really an expansion of previously separate bounty programs that Microsoft maintained for specific Windows features. But based on the success of those programs, and because “security is always changing and Microsoft prioritizes different types of vulnerabilities at different points in time,” the software giant has decided to provide bounties for bugs found in all of Windows.

The program will continue indefinitely and at Microsoft’s discretion, with different payout ranges based on the affected Windows feature and the severity of the bug. The minimum payout is $500, and the highest payout, for Hyper-V, is $250,000.

I’m a bit surprised to discover that all of Windows wasn’t already covered by a bounty program, but this certainly seems to cover that need, if belatedly.

You can find out more at the Microsoft Bounty Programs website.


6 responses to “Microsoft Announces the Windows Bounty Program”

  1. skane2600

    It would be more effective (but costlier to MS) to just employ more security experts at Microsoft to look for security bugs. With a salary that allows them to work the problems full-time and all the resources MS has including source code, they're more likely to uncover problems. People who have both the expertise and the time to investigate such problems as a "hobby" are probably very rare.

  2. Waethorn

    "The minimum payout is $500, and the highest payout, for Hyper-V, is $250,000."

    Why Hyper-V and not the NT kernel, which affects everybody? Seems like Microsoft is putting a bigger bet on hardware-assisted sandboxing rather than their own independent software.

  3. Html Color

    Your article reflects the issue people are concerned about. The article provides timely information that reflects multi-dimensional views from multiple perspectives. I look forward to reading quality articles that contain timely information from you.