Microsoft wants to incentivize its Windows bug discovery initiative even further. As a result, the company has decided to bring some noteworthy updates to its Windows Insider Preview (WIP) Bug Bounty Program. These updates introduce new scenario-based bounty awards up to $100,000. Microsoft’s Bug Bounty programs are essential to researchers, Windows Insiders, and the company.
Microsoft Bug Bounty Awards
“We’re introducing updates to this program to further incentivize research with the highest impact, including new scenario awards up to $100,000,” Microsoft said in its blog post. “We’re also announcing procedural updates for more seamless integration with researchers and faster Windows bounty awards for eligible research.”
Microsoft believes that incentivizing bug discovery through bounty programs helps the company defend against security threats. So far, the company has partnered with the research community of Windows Insiders to discover bugs in Windows Insider Preview builds. Microsoft says the Windows Insider Preview (WIP) Bounty Program is “designed to encourage and reward vulnerability research” that impacts customer security.
The new updates to the Windows Insider Preview Bounty Program introduce five new scenario-based awards ranging between $20,000 and $100,000. The vulnerabilities covered in these newly added scenarios could put the privacy and security of Windows users at risk of exploitation. Meanwhile, Microsoft continues to offer general bounty awards for vulnerability reports that do not fall under scenario-based awards.
General bounty awards continue to range between $500 and $5,000.
Microsoft is also bringing updates to the vulnerability report submission process for faster bounty review.
Microsoft now expects Windows vulnerability reports to indicate whether the issue reproduces on the WIP Dev Channel. The company also recommends adding the build and revision string to your Windows vulnerability reports. This is expected to result in a faster review of WIP bounty submissions and speed up the overall award process.
“To further speed bounty review, we recommend using the MSRC Researcher Portal to report vulnerabilities to Microsoft.”
Microsoft says it has updated the user experience of its MSRC Researcher Portal. This way, the company hopes to streamline communication of the data necessary to process bounty awards for qualifying submissions.