Microsoft Launches Windows Bug Bounty Program Because Late Is Better Than Never

Posted on July 26, 2017 by Brad Sams in Windows 10 with

If you find a bug in a popular application from a large company, there is a good chance that they offer a ‘bug bounty’ program where you can report the issue and make a little bit of money for uncovering the flaw. These programs have been around for some time but surprisingly, Microsoft did not offer a reward for reporting issues with Windows.

Starting today, Microsoft is expanding programs it has offered as far back as 2012, to include Windows 10 in addition, to focus areas in Hyper-V, Mitigation bypass, Windows Defender Application Guard, and Microsoft Edge. Payouts can range from as low as $500 for finding a flaw in an Insider preview build to $250,000 for an issue with Hyper-V.

These types of bounty programs are necessary in a world where exploits found in a program can be sold to nation states or to other malicious groups to create ransomware. With Microsoft now offering a direct payout for reporting security flaws in its products for Windows, the goal is to reduce the number of exploits released in the wild and make Windows a more secure product.

What’s odd is that it has taken Microsoft this long to create a Windows 10 bounty program. You would think they would want everyone to report any flaw to them right away but when there is financial gain to be made by keeping an exploit private, there is little incentive to do so unless Microsoft was willing to offer a reward which they previously were not doing.

 

Tagged with , , ,

Register for this upcoming webinar on Petri.com
Webinar: Accelerate Smart Factory ROI with Deloitte and HPE’s Digital IoT

Join HPE and Deloitte for a discussion on how to take advantage of IT and OT convergence to deliver the Factory of the Future

Tuesday, October 24, 2017
at 2 p.m. EST

Register for this upcoming webinar on Petri.com
Webinar: Accelerate Smart Factory ROI with Deloitte and HPE’s Digital IoT

Join HPE and Deloitte for a discussion on how to take advantage of IT and OT convergence to deliver the Factory of the Future

Tuesday, October 24, 2017
at 2 p.m. EST