Microsoft joins forces with HackerOne to boost bug bounties

Security researchers will be able to get their hands on the money before they're fixed

Bug bounty

Microsoft has revamped its hacker bounty programme, following a tie-up with hacker community HackerOne.

The partnership will speed up the time it takes for security researchers and non-malicious hackers to receive their payments after uncovering flaws in the company's Cloud, Windows and Azure DevOps environments.

The use of HackerOne not only means those finding vulnerabilities will get paid faster, they'll also be able to split their bounty and donate directly to charity from their rewards.

Bounties have been increased substantially too. If someone finds a flaw as part of the Windows Insider Preview, they can now be rewarded with money pots ranging from $15,000 up to $50,000. For those finding bugs in Microsoft's Cloud Bounty programme, rewards haven't experienced such a jump, but can receive up to $20,000 for their efforts.

Advertisement
Advertisement - Article continues below

Another way Microsoft is ensuring those finding bugs are getting the recognition they deserve is by ensuring they're paid as soon as the vulnerability has been reproduced and assessed rather than making them wait until a fix has been developed.

If an external party uncovers a vulnerability already known to Microsoft which has been identified by an internal team the individual submitting the flaw will receive the full bounty, rather than 10% of the eligibility as was previously the case. However, anyone else finding the problem after this will still only be rewarded with the 10%.

Microsoft's bounty programmes have so far paid security researchers more than $2,000,000 to help the company improve its products and services.

"Microsoft is committed to enhancing our Bounty Programs and strengthening our partnership with the security research community, and I look forward to sharing more updates and improvements in the coming months," said Jarek Stanley, senior program manager at Microsoft.

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019
Visit/business/business-strategy/354195/where-modernisation-and-sustainability-meet-a-tale-of-two
Sponsored

Where modernisation and sustainability meet: A tale of two benefits

25 Nov 2019