Site icon 지락문화예술공작단

Announcing the Windows Bounty Program

Announcing the Windows Bounty Program

Windows 10 represents the best and newest in our strong commitment to security with world-class mitigations. One of Microsoft’s longstanding strategies toward improving software security involves investing in defensive technologies that make it difficult and costly for attackers to find, exploit and leverage vulnerabilities. We built in mitigations and defenses such as DEP, ASLR, CFG, CIG, ACG, Device Guard, and Credential Guard to harden our systems and we continue adding defenses such as Windows Defender Application Guard to significantly increase protection to harden entry points while ensuring the customer experience is seamless.

In the spirit of maintaining a high security bar in Windows, we’re launching the Windows Bounty Program on July 26, 2017. This will include all features of the Windows Insider Preview in addition to focus areas in Hyper-V, Mitigation bypass, Windows Defender Application Guard, and Microsoft Edge. We’re also bumping up the pay-out range for the Hyper-V Bounty Program.

Since 2012, we have launched multiple bounties for various Windows features. Security is always changing and we prioritize different types of vulnerabilities at different points in time. Microsoft strongly believes in the value of the bug bounties, and we trust that it serves to enhance our security capabilities.

The overall program highlights:

 Category  Targets  Windows Version  Payout range (USD)
 Focus area  Microsoft Hyper-V

 Windows 10

 Windows Server 2012

 Windows Server 2012 R2

 Windows Server Insider Preview

 $5,000 to $250,000
 Focus area  Mitigation bypass and Bounty for defense  Windows 10  $500 to $200,000
 Focus area  Windows Defender Application Guard  WIP slow  $500 to $30,000
 Focus area  Microsoft Edge  WIP slow  $500 to $15,000
 Base  Windows Insider Preview  WIP slow  $500 to $15,000

 

As always, the most up-to-date information about the Microsoft Bounty Programs can be found at https://aka.ms/BugBounty and in the associated terms and FAQs.

Akila Srinivasan, Joe Bialek, and Matt Miller from Microsoft Security Response Center

David Weston, Jason Silves from Windows and Devices Group Enterprise and Security

Arthur Wongtschowski, Mary Lee, Ron Aquino, and Riley Pittman from Windows and Devices Group Information Security

Source: Announcing the Windows Bounty Program

Exit mobile version