Technology giant Microsoft has announced that it is raising the reward for its bug bounty program named “Bounty for Defense”, from $50,000 to $100,000 at the Black Hat hacker conference in Las Vegas, reports CNET.
The company is embracing a new approach to bug bounties by offering additional bonuses and doubling the payouts for researchers who successfully detect vulnerabilities. Microsoft is also adding existing features and services covered in the bug bounty program, giving the incentive to white hat hackers and security researchers to find security flaws in more Microsoft products.
A Big bug bounty
Following the launch of Microsoft’s flagship software product in Windows 10, the Redmond-based company is inviting hackers to find vulnerabilities and flaws and report them to the company in exchange for increased payouts and rewards.
“We are raising the Bounty for Defense maximum from $50,000 USD to $100,000 USD. I am also very excited to announce that we are launching a bonus period for Authentication vulnerabilities in the Online Services Bug Bounty,” wrote Microsoft security architect Jason Shirk in a blog post.
“We are adding RemoteApp to the list of domains covered in the Online Services Bug Bounty,” he added.
Related article: Microsoft Launches Project Spartan Bounty
The company stressed that the new approach “brings defense up on par with offense” and believes that the increased bounty “rewards the novel defender equally for their research.”
Microsoft is also putting the spotlight on combating security flaws related to authentication. Researchers who spot an authentication vulnerability within the “bonus” period of August 5 and October 5 2015, will see their rewards doubled after submitting their findings through the Online Service Bug Bounty program.
RemoteApp, a service that allows users to execute and run Windows applications hosted through Azure on a number of different devices is also included in the payout program.
“Learning about new exploitation techniques earlier helps Microsoft improve security by leaps, instead of capturing one vulnerability at a time as a traditional bug bounty alone would,” Microsoft added.
Independent security researchers and white-hat hackers are key to Microsoft, being their best ally beside their own employees at an important time for the company following the launch of Windows 10. By pushing the bar for bounty programs higher, Microsoft is pushing to ensure that security researchers rush to find vulnerabilities for Microsoft to then patch them as quickly as possible while the wider world is slowly starting to adopt Windows 10.
