Microsoft announced at the Black Hat conference that it's doubling the size of its payments in its Bounty for Defense program. Under this program, the software giant pays security researchers who find and disclose security issues in Microsoft's software. The new maximum bounty is $100,000, and Microsoft explains that it's "bringing defense up on par with offense" as zero-day exploits for popular software can be worth quite a lot on the black market.
Let's say an exploit has been discovered in the wild, and Microsoft has mitigated (or patched) that exploit. If you can get around that mitigation, you have a submission for the company's Mitigation Bypass program, which could net you up to $100,000. Ideas for defending against further hacking efforts are eligible for the Bounty for Defense program, which has its own $100,000 maximum payout. Submissions that offer both a mitigation bypass and a defensive idea would receive both bounties. These bounties are only good for attacks on the latest version of Windows, so those of you interested in submitting your brilliant ideas need to cover Windows 10.
Microsoft also expanded its Online Service Bug Bounties program to cover Azure Active Directory and the Microsoft Account Service, in addition to Office 365 and the other Azure services that were previously eligible. The maximum payout for this program has also been raised temporarily, to $30,000 until October 5.