Microsoft has launched a new bug bounty program, offering rewards ranging from $500 to $250,000 to anyone able to identify flaws in the company’s operating system.
The Windows Bounty Program has been billed as a more complete version of previously released schemes, which the Redmond, Washington-based giant first started rolling out in 2012 in a bid to address potential security issues before they spiral out of control.
The latest program runs indefinitely, rather than for a limited time, covers the whole operating system, rather than just a few specific features, includes Windows Insider Preview, the company’s program for testing preview builds, and promises to dole out higher rewards than ever before.
In a statement, Microsoft confirmed that bounty’s will be dished out to anyone that discovers “any critical or important class remote code execution, elevation of privilege, or design flaws that compromises a customer’s privacy and security.”
Windows Bounty Program has been broken down into specific areas of focus, each of which offer different levels of compensation. The most generous awards have been reserved for those able to discover issues with Microsoft Hyper-V, the company’s virtualization software. Anyone that finds fault with this particular product, across multiple operating systems including Windows 10, Windows Server 2012, Windows Server 2012 R2 and Windows Server Insider Preview, will be rewarded with anything between $5,000 to $250,000.
Second on the list of priorities is protecting Mitigation Bypass and Bounty for Defense. Participants that find flaws in the company’s security system in Windows 10 could be due compensation ranging from $500 to $200,000.
Other areas of focus include security feature Windows Defender Application Guard, web browser Microsoft Edge and Windows Insider Preview.
Microsoft added that participants who identify a flaw already flagged by the company will receive a lower payout. In such cases, the first finder will be rewarded with 10 percent of the maximum amount listed in the table above.
Originally published on Investopedia
No comments:
Post a Comment