14 DAY TRIAL // Microsoft has expanded its bug bounty program to Windows 10, with the company willing to pay up to $250,000 to security researchers who discover vulnerabilities in its operating system.
The Windows 10 bug bounty includes rewards ranging between $500 and $250,000 depending on how complex the security vulnerability that is discovered and the amount of information provided to the company – for example, submissions with proof of concepts are paid more.
The program targets any critical or important class remote execution, elevation of privilege, or design flaws in the Windows 10 operating system that can be used by attackers to compromise the security and privacy of a device, Microsoft explains.
Everyone finding such a bug is eligible for a bounty, though the company explains that if someone discovers a bug that has already been reported internally, only 10 percent of the highest amount they could’ve received would be paid.
“All security bugs are important to us and we request you report all security bugs,” the company explains.
Focus areas for bug bounties
There are five main areas of focus, and security vulnerabilities in Microsoft Hyper-V are the best paid, with Microsoft offering rewards between $5,000 and $250,000 for such bugs in Windows 10, Windows Server 2012, Windows Server 2012 R2 and Windows Server Insider Preview.
Up to $200,000 is also paid for mitigation bypass and bounty for defense in Windows 10, while flaws in the Windows Defender Application Guard can bring you up to $30,000. Flaws in Microsoft Edge are rewarded with a maximum of $15,000.
“Security is always changing and we prioritize different types of vulnerabilities at different points in time. Microsoft strongly believes in the value of the bug bounties, and we trust that it serves to enhance our security capabilities,” the company says.
The bug bounty program for Windows 10 is already up and running, and the company says it’ll continue running indefinitely at Microsoft’s discretion.
