Microsoft Offers $250,000 For Security Flaws In Expanded Windows Bug Bounty Program

Microsoft is offering up to $250,000 (£190,275) for bugs spotted and reported in its software as part of an expansion of its Windows Bounty Program.

The top money reward is for bugs discovered in Microsoft’s Hyper-V virtualisation software, but more modest rewards start at $500 (£382) for critical or important remote code execution flaws found in Windows.

Bugs identified in Microsoft’s Edge browser or its Windows 10 preview builds will fetch keen eyed flaw spotters up to $15,000 (£11,400).

Bug hunting

Even if Microsoft’s internal engineers and security staff spot a flaw before anyone else, the reward for spotting the bug will still go to the first person outside the company to report it, however it will only be 10 percent of the maximum reward on offer.

Even if Microsoft’s internal engineers and security staff spot a flaw before anyone else, the reward for spotting the bug will still go to the first person outside the company to report it, however it will only be 10 percent of the maximum reward on offer.

This approach and the offer of hefty reward money is likely being adopted to encourage people to report the bug to Microsoft rather than try and sell it on to cyber criminal who can exploit it for attacks such as the WannaCry ransomware campaign.

“Security is always changing and we prioritise different types of vulnerabilities at different points in time. Microsoft strongly believes in the value of the bug bounties, and we trust that it serves to enhance our security capabilities,” the company explained.

Bug bounties offer ways for IT experts and people who enjoy digging around in software a means to make some serious money for their efforts. Facebook and other technology companies recently donated more than £200,000 to an open source bug bounty programme.

While cyber security firm Kaspersky also runs its own bug bounty programme, offering rewards of nearly £4,000 for the spotting of remote code execution bugs.

Clearly, technology firms are willing to pay good money to keep independent cyber security researchers and code probers on their side rather than leave them to be attracted to the nefarious world of exploit selling and trading.

Are you a cyber security expert? Try our quiz!

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago