Microsoft Announces the Windows Bounty Program

Microsoft today announced a bug bounty program for Windows 10 that will include payouts of up to $250,000.

“The Windows Bounty Program will include all features of the Windows Insider Preview in addition to focus areas in Hyper-V, Mitigation bypass, Windows Defender Application Guard, and Microsoft Edge,” the Microsoft Security Research Center team writes. “We’re also bumping up the pay-out range for the Hyper-V Bounty Program.”

The Windows Bounty Program is really an expansion of previously separate bounty programs that Microsoft maintained for specific Windows features. But based on the success of those programs, and because “security is always changing and Microsoft prioritizes different types of vulnerabilities at different points in time,” the software giant has decided to provide bounties for bugs found in all of Windows.

The program will continue indefinitely and at Microsoft’s discretion, with different payout ranges based on the impacted feature of Windows and the severity of the found bug. The minimum payout is $500, and the highest payout, for Hyper-V, is $250,000.

I’m a bit surprised to discover that all of Windows wasn’t already covered by a bounty program, but this certainly seems to cover that need, if belatedly.

You can find out more at the Microsoft Bounty Programs website.

 

Conversation 6 comments

  • skane2600

    26 July, 2017 - 10:33 pm

    It would be more effective (but costlier to MS) to just employ more security experts at Microsoft to look for security bugs. With a salary that allows them to work the problems full-time and all the resources MS has including source code, they're more likely to uncover problems. People who have both the expertise and the time to investigate such problems as a "hobby" are probably very rare.

    • Saxwulf

      Premium Member
      27 July, 2017 - 7:59 am

      In reply to skane2600: As rare as a hacker.

      • skane2600

        27 July, 2017 - 3:28 pm

        In reply to Saxwulf: Are you referring to the "We want to 'own' your PC" hackers or the "We think we are God's gift to programming" hackers?

    • Waethorn

      27 July, 2017 - 12:29 pm

      In reply to skane2600: They already decided that quality doesn't matter by cutting their own internal QA team in favour of unpaid interns, i.e. Windows Insiders.

  • Waethorn

    27 July, 2017 - 10:28 am

    "The minimum payout is $500, and the highest payout, for Hyper-V, is $250,000."

    Why Hyper-V and not the NT kernel, which affects everybody? Seems like Microsoft is putting a bigger bet on hardware-assisted sandboxing rather than their own independent software.

  • Html Color

    30 August, 2017 - 10:39 pm

    Your article reflects the issue people are concerned about. The article provides timely information that reflects multi-dimensional views from multiple perspectives. I look forward to reading quality articles that contain timely information from you.

    htmlcolorspicker.com

Thurrott © 2024 Thurrott LLC