According to the authors of the book Learn ethical hacking, Microsoft paid more than $2M USD to security experts who participated in its vulnerability bounty program during 2018. Experts from the International Institute of Cyber Security (IICS) report that the software company’s plans focus on extending this rewards program by implementing a series of improvements that will significantly contribute to the cybersecurity community.
This expansion will begin with the Cloud, Windows and Azure DevOps programs, which will award rewards at the end of the replay and evaluation of each shipment rather than waiting until a final solution has been determined.
According to the authors of the book Learn ethical hacking, reducing the time from the presentation to the determination of rewards, Microsoft will help researchers to make gains in reduced times, which should encourage them to follow Working in the area of ethical hacking; This measure could even contribute to adding more investigators to this cause.
The company announced a series of measures for improving bounty program, including:
- Increased vulnerability bounties at Github platform
- European Union participation in program financing, to improve open source software
- Launch of an HP printer vulnerability bounty program
The authors of Learn ethical hacking mention that Microsoft has also formed an alliance with HackerOne, a platform that will handle the processing of reward payments, making this process really efficient. This security platform, operated by highly trained hackers, will also include new payment options, including bank transfers in more than 30 different currencies, and payments via PayPal.
Microsoft will also increase rewards payments. For example, the Windows Insider Preview bounty will increase from $15k USD to $50k USD; on the other hand, Cloud Bounty for Azure and Office 365, will increase from $15k USD to $20k USD, according to the authors of Learn ethical hacking.