Microsoft's Windows bug bounty pays up to US$250,000

Microsoft launches bug bounty program for Windows operating system with pay-outs ranging from US$500 to US$250,000.

microsoft's windows bounty program
Microsoft launches bounty program for Windows. Reuters

Microsoft has launched the Windows bug bounty program on Wednesday with pay-outs ranging from US$500 to US$250,000. The cloud computing company is seeking to strengthen the security wall of Windows operating system through added defensive technologies and the bug-hunting program.

The Windows Bounty Program includes the feature of the Windows Insider Preview on top of Microsoft Edge, Windows Defender Application Guard, Hyper-V, and Mitigation bypass. Microsoft noted that the payout for the Hyper-V Bounty Program has been increased.

Microsoft takes pride in Windows 10 to embody "the best and newest in our strong commitment to security with world-class mitigations". In a statement, the Redmond, Washington-based company said it is using a host of its advanced mitigations and defences to boost up the system and make it hard for vulnerabilities to enter gateways in hopes to ensure "the customer experience is seamless".

"One of Microsoft's longstanding strategies toward improving software security involves investing in defensive technologies that make it difficult and costly for attackers to find, exploit and leverage vulnerabilities", says Microsoft in a statement.

Microsoft has noted that it is willing to pay the first finder of a bug within the Windows OS even if it is already discovered by the company. Hyper-V pays the highest from US$5,000 up to US$250,000.

The US$250,000 cap of Microsoft is only US$50,000 higher than Apple's Bug Bounty Program. Earlier this month, IBTimes SG reported that Apple's program has not taken off a year after it was launched because the reward is dirt cheap. Security researcher Nikias Bassen said they could earn as much as a million dollar if they can declare a zero-day iOS exploit to third-party companies.

Apple's bounty has its member researchers nonchalant to go after iOS bugs. For now, no one could tell if Microsoft's bounty program would pan out after a year with an almost similar prize to Apple is up for grabs.

This article was first published on July 28, 2017
READ MORE