14 DAY TRIAL // Microsoft is a relatively new player in the bug bounty industry, but the company plays its card very well, so today it has announced an update to its original program that increases the reward for those who find security issues in its software to $100,000.
In other words, yes, that’s the amount you can earn if you find a security bug in Microsoft’s apps that qualifies for the Bounty for Defense category - this is an increase of 100 percent, as the original reward was $50,000.
At the same time, the software giant is also offering a bonus for Authentication vulnerabilities in the Online Services Bug Bounty that will double the reward for any security problem that you find.
“These additions to the Microsoft Bounty Program will be part of the rigorous security programs at Microsoft. Bounties will be worked alongside the Security Development Lifecycle (SDL), Operational Security Assurance (OSA) framework, regular penetration testing of our products and services, and Security and Compliance Accreditations by third party audits,” Microsoft explains.
More prizes offered at Black Hat in Las Vegas
And last but not least, Microsoft has also announced that it has added RemoteApp on the list of domains included in the Online Services Bug Bounty, so if you find a security bug in this application, you can once again be paid for providing all details to Microsoft. All the regular terms and payout rules apply, Microsoft says in the original announcement.
Unsurprisingly, this new announcement comes during the Black Hat security conference in Las Vegas, with Redmond inviting attendees to visit its boot and win prizes such as Xbox One consoles, Surface 3 tablets, or MSDN subscriptions.
The company doesn’t say exactly what you have to do to win these prizes, but it mentions that you need to prove your 1337 skills and that the full rules are provided at its booth.