
Microsoft doubles up maximum defensive bounty reward for security researchers

Microsoft is ramping up its security efforts by upping bounty reward payments on the defensive front.

In a TechNet blog post (spotted by The Register), Redmond announced it is doubling the maximum 'Bounty for Defense' payment from $50,000 (£32,000) to $100,000 (£64,000).

That means it now matches the offence bounty, so in other words, Microsoft is now equally valuing those who can come up with clever defensive security measures – which certainly seems only fair.

The company noted: “Microsoft will pay up to $100,000 for defensive ideas that accompany a qualifying Mitigation Bypass submission. Doing so highlights our continued support of defensive technologies and provides a way for the research community to help protect more than a billion computer systems worldwide (in conjunction with the Mitigation Bypass Bounty).”

Microsoft said the changes were made partially based on feedback received from the security research community.

Redmond also said that it is opening up a bonus period for those who can find authentication flaws when it comes to the Online Services Bug Bounty, and RemoteApp has been added to the list of domains covered in said bug bounty scheme.

Also on the bug-squashing front, Yahoo recently announced that it has paid out over $1 million in bounties to those who have reported security vulnerabilities since changing its bounty scheme to pay out hard cash instead of vouchers for Yahoo-branded merchandise.