1.    26 Jul 2017 #1
    Join Date : Oct 2013
    Posts : 25,285
    64-bit Windows 10 Pro build 17046

    Announcing the Windows Bounty Program


    Windows 10 represents the best and newest in our strong commitment to security with world-class mitigations. One of Microsoft’s longstanding strategies toward improving software security involves investing in defensive technologies that make it difficult and costly for attackers to find, exploit and leverage vulnerabilities. We built in mitigations and defenses such as DEP, ASLR, CFG, CIG, ACG, Device Guard, and Credential Guard to harden our systems and we continue adding defenses such as Windows Defender Application Guard to significantly increase protection to harden entry points while ensuring the customer experience is seamless.

    In the spirit of maintaining a high security bar in Windows, we’re launching the Windows Bounty Program on July 26, 2017. This will include all features of the Windows Insider Preview in addition to focus areas in Hyper-V, Mitigation bypass, Windows Defender Application Guard, and Microsoft Edge. We’re also bumping up the pay-out range for the Hyper-V Bounty Program.

    Since 2012, we have launched multiple bounties for various Windows features. Security is always changing and we prioritize different types of vulnerabilities at different points in time. Microsoft strongly believes in the value of the bug bounties, and we trust that it serves to enhance our security capabilities.

    The overall program highlights:

    • Any critical or important class remote code execution, elevation of privilege, or design flaws that compromises a customer’s privacy and security will receive a bounty
    • The bounty program is sustained and will continue indefinitely at Microsoft’s discretion
    • Bounty payouts will range from $500 USD to $250,000 USD
    • If a researcher reports a qualifying vulnerability already found internally by Microsoft, a payment will be made to the first finder at a maximum of 10% of the highest amount they could’ve received (example: $1,500 for a RCE in Edge, $25,000 for RCE in Hyper-V)
    • All security bugs are important to us and we request you report all security bugs to secure@microsoft.com via Coordinated Vulnerability Disclosure (CVD) policy
    • For the latest information on new Windows features included in the Insider Previews, please visit the Windows 10 Insider Program Blog
    • The details of the targets and the focus area can be found in the table below:

    Category Targets Windows Version Payout range (USD)
    Focus area Microsoft Hyper-V Windows 10
    Windows Server 2012
    Windows Server 2012 R2
    Windows Server Insider Preview
    $5,000 to $250,000
    Focus area Mitigation bypass and Bounty for defense Windows 10 $500 to $200,000
    Focus area Windows Defender Application Guard WIP slow $500 to $30,000
    Focus area Microsoft Edge WIP slow $500 to $15,000
    Base Windows Insider Preview WIP slow $500 to $15,000

    As always, the most up-to-date information about the Microsoft Bounty Programs can be found at https://aka.ms/BugBounty and in the associated terms and FAQs.

    Akila Srinivasan, Joe Bialek, and Matt Miller from Microsoft Security Response Center
    David Weston, Jason Silves from Windows and Devices Group Enterprise and Security
    Arthur Wongtschowski, Mary Lee, Ron Aquino, and Riley Pittman from Windows and Devices Group Information Security


    Source: Announcing the Windows Bounty Program MSRC
      My ComputersSystem Spec
  2.    27 Jul 2017 #2
    Join Date : Jan 2017
    Turku
    Posts : 1,787
    Windows 10 Pro IP Build 16299.19 (Branch: RS3 Release)

    @Brink Thanx!

    Let's start hacking!
      My ComputersSystem Spec

 


Similar Threads
Thread Forum
Extending the Microsoft Edge Bounty Program
Source: Extending the Microsoft Edge Bounty Program MSRC See also: Microsoft Security :: Security Vulnerability | Report a Vulnerability | MSRC:
Windows 10 News
Extending Microsoft Edge Bounty Program
Source: Extending Microsoft Edge Bounty Program MSRC
Windows 10 News
Office Announcing new Bug Bounty Program for Office Insider Builds on Windows
Source: https://blogs.technet.microsoft.com/msrc/2017/03/15/announcing-the-new-bug-bounty-program-for-office-insider-builds-on-windows/ See also: https://technet.microsoft.com/en-us/mt797549.aspx...
Windows 10 News
Update to Microsoft Edge Windows Insider Preview Bug Bounty Program
Source: Update to the Microsoft Edge Web Platform on Windows Insider Preview Bug Bounty Program terms MSRC
Windows 10 News
Microsoft Adds OneDrive to Bug Bounty Program
Source: Microsoft Bounty Programs Announce Expansion Bounty for Microsoft OneDrive | MSRC
Windows 10 News
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 19:10.
Find Us
Twitter Facebook Google+ Ten Forums iOS App Ten Forums Android App



Windows 10 Forums