Microsoft Now Offers Up To $100,000 Reward to Security Researchers for Finding Bugs in the Windows Insider Preview

According to Microsoft, working with the cybersecurity research community is one of the most important parts of the company's holistic approach to combating security threats. Bug bounty programs are part of these partnerships, and they are designed to encourage as well as reward researchers for spotting vulnerabilities. Recently, the tech giant announced updates to the Windows Insider Preview Bounty Program, a key bounty program for the company and the research community.

One of the most significant changes being introduced to the program is that the company has raised the highest potential reward to up to $100,000. In addition, Microsoft said that it has revamped the program portal to make it more convenient for researchers to submit the vulnerabilities they discover.

The WIP bounty program was first launched in 2017, and initially the company offered rewards ranging between $500 and $15,000. The maximum reward has now been increased to a whopping $100,000. The Microsoft WIP Bug Bounty Program gives bug hunters the opportunity to report vulnerabilities in WIP (Windows Insider Preview) across different products such as Windows Defender, Hyper-V, Microsoft Edge, and more.

Now, the program includes five scenario-based rewards for bugs that could put the privacy and security of clients at risk of exploitation. While the company is refocusing the Windows Insider Preview Bug Bounty Program to defend and protect consumers from five high-risk exploitation scenarios, Microsoft will continue to offer bounties for other valid bug reports that do not qualify for the five scenario-based rewards. With such bug reports, researchers can earn rewards ranging between $500 and $5,000, the company wrote in a blog post announcing the revamped program.

The company offers the maximum reward for running unauthorized non-sandboxed code without customer interaction, while researchers can get $50,000 for demonstrating unauthenticated access to users' private data with little or no user interaction. To enable quicker triage and review of bounty submissions, and ultimately faster payment of rewards, the company asks that all bug reports indicate whether the issue reproduces on the Windows Insider Preview Dev Channel. Researchers are also required to include the build and revision string in their Windows vulnerability reports.

The new move will help the Redmond-based company keep its customers safe from hacking attacks by offering larger rewards to researchers for discovering and reporting vulnerabilities. If you are a security researcher and would like to participate in the WIP Bounty Program, Microsoft recommends reporting the vulnerability on the MSRC Researcher Portal, which has been updated to streamline communication of the information needed to triage, assess, and ultimately award bounties for submissions that qualify.


