Microsoft Launches Windows Bug Bounty Program With Rewards Ranging From $500 To $250,000

Microsoft on Wednesday announced the Windows Bounty Program. Rewards start at a minimum of $500 and can go up to as high as $250,000. From a report: To be clear, Microsoft already offers many bug bounty programs. This is also not the first to target Windows features -- the company has launched many Windows-specific bounties for those starting in 2012. The Windows Bounty Program, however, encompasses Windows 10 and even the Windows Insider Preview, the company's program for testing Windows 10 preview builds. Furthermore, it also has specific focus areas: Hyper-V, Mitigation bypass, Windows Defender Application Guard, and Microsoft Edge.

Okay Dokey

[fahrbot-bot]

I mailed in a Windows 10 Install DVD. When do I get my check for $250k?

Edge

[sproketboy]

> Furthermore, it also has specific focus areas: Hyper-V, Mitigation bypass, Windows Defender Application Guard, and Microsoft Edge.

Yeah but then I'd have to use Microsoft Edge.

Re:Edge

[bobbied]

Yea, but it's FASTER (according to M$'s PR campaign that comes up when you start Edge)... Well SURE it's faster, it doesn't support anything that would slow it down.

Re:Don't get excited

[mysidia]

Also, Microsoft has historically quite the reputation of downplaying discovered bugs with security impact or reclassifying as lower impact, Until an actual exploit is publicized that defeats all mitigations.

Doubt the bounty will help matters. Merely discovering a bug is not enough --- you're going to need to build the exploit to.

Once you have a RCE exploit, you could PROBABLY make a lot more than $250k selling that to the CIA, etc.

Re: They can't be serious!

[F.Ultra]

If we assume that NSA has such leverage over MS then that is propably a whole different section than the one doing this bounty program, remember that MS is a huge corporation.