Microsoft Announces Expansion Of Security Bounty Programs Offering Direct Payments in Exchange for Reporting Vulnerabilities

[vc_row][vc_column][vc_column_text]

Microsoft Announces Expansion of Security Bounty Programs Offering Direct Payments in Exchange for Reporting Vulnerabilities

Microsoft is offering direct payments in exchange for reporting certain types of vulnerabilities and exploitation techniques. Microsoft today announced additional expansions of the Microsoft Bounty Programs like raising the Bounty for Defense maximum from $50,000 USD to $100,000 USD, new bonus period for Authentication vulnerabilities in the Online Services Bug Bounty and few others. Read about them below.

The changes to the Bounty for Defense reflect the continuing evolution of the Microsoft Bounty Program, based on the feedback and opportunities brought to us from the Security Research Community.

Raising the Bounty for Defense from $50,000 USD to $100,000 USD
Brings defense up on par with offense
Rewards the novel defender equally for their research

This continued evolution includes a new approach to the Online Services Bug Bounty Program:

Authentication vulnerabilities will receive double bounty payouts
Microsoft Account (MSA) and Azure Active Directory (AAD) vulnerabilities
Bonus period will run from August 5, 2015 – October 5, 2015
All payouts during this period will receive twice the normal payout (that means we will pay $30,000 USD for a great Authentication vulnerability!)

MSA contest at Black Hat

Come show us your 1337 skills and win an Xbox One, Surface 3, or one year of full MSDN access
Come visit us at the Microsoft Networking Lounge, August 5-6, in Mandalay Bay to review full rules and to participate

RemoteApp

RemoteApp lets users run Windows apps hosted in Azure anywhere, and on a variety of devices
RemoteApp is being added as a new property of the Online Services Bug Bounty Program and all of the regular terms and payout rules apply

Source: Microsoft[/vc_column_text][/vc_column][/vc_row]