Microsoft today announced a bug bounty program for Windows 10 that will include payouts of up to $250,000.
“The Windows Bounty Program will include all features of the Windows Insider Preview in addition to focus areas in Hyper-V, Mitigation bypass, Windows Defender Application Guard, and Microsoft Edge,” the Microsoft Security Research Center team writes. “We’re also bumping up the pay-out range for the Hyper-V Bounty Program.”
The Windows Bounty Program is really an expansion of previously separate bounty programs that Microsoft maintained for specific Windows features. But based on the success of those programs, and because “security is always changing and Microsoft prioritizes different types of vulnerabilities at different points in time,” the software giant has decided to provide bounties for bugs found in all of Windows.
The program will continue indefinitely and at Microsoft’s discretion, with different payout ranges based on the impacted feature of Windows and the severity of the found bug. The minimum payout is $500, and the highest payout, for Hyper-V, is $250,000.
I’m a bit surprised to discover that all of Windows wasn’t already covered by a bounty program, but this certainly seems to cover that need, if belatedly.
You can find out more at the Microsoft Bounty Programs website.
skane2600
It would be more effective (but costlier to MS) to just employ more security experts at Microsoft to look for security bugs. With a salary that allows them to work the problems full-time and all the resources MS has including source code, they're more likely to uncover problems. People who have both the expertise and the time to investigate such problems as a "hobby" are probably very rare.
skane2600
In reply to Saxwulf:
Are you referring to the "We want to 'own' your PC" hackers or the "We think we are God's gift to programming" hackers?