Want $100,000? Microsoft Willing To Pay Bug Hunters Big $$$

Microsoft is doubling the reward for hacking into its systems and reporting the flaws and is now offering a hefty $100,000.

The company's bug bounty program aims to encourage hackers to crack its systems and share their methods so that Microsoft can learn about exploitation techniques and improve its security.

The maximum Bounty for Defense reward went up to $50,000, but the company is now doubling that amount to a maximum of $100,000 in an effort to attract more participants. The larger reward should also encourage more people to report the flaws to Microsoft rather than disclosing them separately.

"We are raising the Bounty for Defense maximum from $50,000 USD to $100,000 USD. I am also very excited to announce that we are launching a bonus period for Authentication vulnerabilities in the Online Services Bug Bounty," Microsoft's security architect Jason Shirk announced in a company blog post last week.

The bonus period kicked off on Aug. 5 and will run through Oct. 5 this year. During this period, all payouts will be twice the normal payout, which means that a good Authentication vulnerability will be worth $30,000.

It's also worth pointing out that RemoteApp is now part of the list of domains Microsoft covers in its Online Services Bug Bounty.

The heftier rewards come at a crucial time for Microsoft, as the company recently launched its latest operating system. The highly anticipated Windows 10 rolled out for PC on July 29 and it will surely be a target for attacks. Cybercriminals often attack new operating systems, as well as Java and Flash software because they have numerous users.

Making sure that Windows 10 is secure enough is a top priority for Microsoft, and the new reward bonus should entice more hackers to cooperate and help Microsoft handle more exploitation techniques.

Through this program, Microsoft will be able to improve security at a faster pace than it would if it caught one vulnerability at a time. The new additions to the Microsoft Bounty Program will integrate with the company's security programs. According to Microsoft, bounties will be working alongside other company efforts, such as the Security Development Lifecycle (SDL), regular penetration tests for Microsoft products and services, Operational Security Assurance (OSA) framework, as well as Security and Compliance Accreditations from third-party audits.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics