Microsoft doubles bug bounty payoff max, expands program
Microsoft said Wednesday it would further expand its Bounty for Defense program, upping the payout maximum from $50,000 to $100,000 and launching a bonus period for its Online Services Bug Bounty during which bounties will be doubled, meaning researchers can receive as much as $30,000 for discovering authentication vulnerabilities, according to a release.
The bonus period will span from Aug. 5 to Oct. 5, 2015 and include bugs found in Microsoft Account (MSA) and Azure Active Directory (AAD). Microsoft will also add a RemoteApp to the list of domains covered under the bounty program.
Microsoft expanded the program to better reward researchers while improving systemwide defenses with the latest expansion coming in response to feedback from the security research community, the release said.