
Microsoft Bounty Programs Expansion – Azure and Project Spartan

I am excited to announce significant expansions to the Microsoft Bounty Programs. We are evolving the Online Services Bug Bounty, launching a new bounty for Project Spartan, and updating the Mitigation Bypass Bounty.

This continued evolution includes additions to the Online Services Bug Bounty Program

We’re also launching a new bounty related to the Windows 10 Technical Preview:

The Mitigation Bypass bounty and the Bonus bounty for Defense are both very active, paying up to $100,000 USD for novel methods to bypass active mitigations (e.g. ASLR and DEP) in the latest released version of our operating system (currently Windows 8.1 and Server 2012 R2) and a bonus of up to $50,000 USD for actionable defense techniques to the reported bypass. We have one addition to the Mitigation Bypass bounty:

These important additions to the Bounty Programs reflect the continued shift and evolution of technology towards the cloud. The additions to the bounty program will be part of the rigorous security programs at Microsoft. They will be worked alongside the Security Development Lifecycle (SDL), the Operational Security Assurance (OSA) framework, regular penetration testing of our products and services, and Security and Compliance Accreditations by third-party audits.

Microsoft has a long history of working closely with security researchers.  Having personally done penetration testing and exploit mitigation, I understand that this is intense and difficult work.  I can say that we truly value these contributions.  Bug bounties are an increasingly important part of the vulnerability research and defense ecosystem and will continue to evolve over time.  We will be regularly managing the Microsoft Bounty Programs to help us best protect our many users.

Mark Russinovich will be sharing some information in his “Assume Breach: An Inside Look at Cloud Service Provider Security” talk.  You can also come by the Microsoft Booth at RSA on April 23, 2PM for a Bounty Program Q&A or you can always find the most up to date information about our bounty programs at https://aka.ms/BugBounty and in the associated terms and FAQs. 

I’m looking forward to seeing some great submissions!

Jason Shirk


Source: ms-msrc
