
Microsoft doubles its bug bounty program

You might think you have the best programmers in the world, but chances are there's a kid in his parents' basement somewhere who's smarter than all your engineers combined.

That’s why bounty hunting for bugs has become hugely popular among software makers, employing pretty much every hacker worldwide in their search for overlooked bugs.

Microsoft is one such company, and it’s using the Black Hat conference to promote its new bug bounty program, which sees the bounty doubled.

According to a post by Jason Shirk, security architect at Microsoft, there will be a couple of changes to the company’s bug bounty program.

Rewards for the Bounty for Defense, a reward for defensive ideas that accompany a qualifying Mitigation Bypass submission, have been raised from $50,000 (£32,200) to $100,000 (£64,400).

Microsoft says this alteration "brings defense up on par with offense," where the tech giant already offers the lure of up to $100,000 for "truly novel" exploits against the Windows operating system.

"Learning about new exploitation techniques earlier helps Microsoft improve security by leaps, instead of capturing one vulnerability at a time as a traditional bug bounty alone would," Microsoft says.

Microsoft Service Account and Azure Active Directory authentication vulnerabilities discovered within the two-month period can pay up to $30,000 (£19,330), rather than Microsoft's standard reward of $500 to $15,000 (£9,600).

On July 29, Microsoft released its newest operating system, Windows 10, and is now turning to hackers worldwide to help it in its search for overlooked and leftover bugs.