Microsoft Ups Rewards for Windows Bugs – Fortune

Microsoft set up a new bug bounty program and expanded existing ones on Wednesday, offering payouts that range from $500 to $250,000.

Bug bounties, as the prizes are known, encourage researchers to alert companies about vulnerabilities in their code so they may be fixed. Microsoft (msft) has hosted such programs since 2013. (You can read more about bug hunters in this recent Fortune feature, which follows an elite team hired by Google (goog) to find and report weaknesses in rivals’ code.)

“In the spirit of maintaining a high security bar in Windows, we’re launching the Windows Bounty Program on July 26, 2017,” wrote the Microsoft Security Response Center team announcing the news in a post on the company’s TechNet blog. The new program encompasses Windows Insider Preview (a beta testing program for people interested in software pre-releases) as well as Hyper-V (software that creates virtual machines), Mitigation bypasses (attacks that circumvent operating system defenses), Windows Defender Application Guard (a sandbox that isolates untrusted websites), and Microsoft Edge (the company’s latest web browser).

Get Data Sheet, Fortune’s technology newsletter.

Researchers who find and report critical holes in Hyper-V for versions of Windows including Windows 10 and Windows Server 2012 are eligible for the top reward of $250,000. The previous maximum Hyper-V payout was $150,000.

Here’s a list of the price ranges for various security holes.

Microsoft did not set a time limit on the programs. They “will continue indefinitely at Microsoft’s discretion,” the security response team said.

Microsoft isn’t the only company to host bug bounty programs. Tech titans such as Google, Facebook, and Apple, all sponsor bug bounty programs of their own, as do a slew of other organizations, such Uber, Mastercard, and the U.S. military.

Bug bounty programs have become a popular way to incentivize hackers to improve the security of tech vendors’ code. Alternatively, they can sell their findings on private markets to brokers, other shops that develop exploit kits, or the intelligence arms of governments for spying purposes, where they often fetch top dollar.

Comments

Write a Reply or Comment:

Your email address will not be published.*