Network Security, Vulnerability Management

Microsoft doubles bug bounty payoff max, expands program


Microsoft said Wednesday it would further expand its Bounty for Defense program, upping the payout maximum from $50,000 to $100,000 and launching a bonus period for its Online Services Bug Bounty during which bounties will be doubled, meaning researchers can receive as much as $30,000 for discovering authentication vulnerabilities, according to a release.

The bonus period will span from Aug. 5 to Oct. 5, 2015 and include bugs found in Microsoft Account (MSA) and Azure Active Directory (AAD). Microsoft will also add a RemoteApp to the list of domains covered under the bounty program.

Microsoft expanded the program to better reward researchers while improving systemwide defenses with the latest expansion coming in response to feedback from the security research community, the release said.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.