I am very pleased to be releasing additional expansions of the Link Removed. Please stop by the Microsoft Networking Lounge at Black Hat, August 5-6, to learn more about these programs; or, visit Link Removed. We are raising the Bounty for Defense maximum from $50,000 USD to $100,000 USD. I am also very excited to announce that we are launching a bonus period for Authentication vulnerabilities in the Online Services Bug Bounty. We will be running an onsite contest at Black Hat in Las Vegas, August 5-6, related to this effort. Lastly, we are adding RemoteApp to the list of domains covered in the Online Services Bug Bounty.
The changes to the Bounty for Defense reflect the continuing evolution of the Microsoft Bounty Program, based on the feedback and opportunities brought to us from the Security Research Community.
- Raising the Bounty for Defense from $50,000 USD to $100,000 USD
  - Brings defense up on par with offense
  - Rewards the novel defender equally for their research
This continued evolution includes a new approach to the Link Removed:
- Authentication vulnerabilities will receive double bounty payouts
  - Microsoft Account (MSA) and Azure Active Directory (AAD) vulnerabilities
  - Bonus period will run from August 5, 2015 - October 5, 2015
  - All payouts during this period will receive twice the normal payout (that means we will pay $30,000 USD for a great Authentication vulnerability!)
- MSA contest at Black Hat
  - Come show us your 1337 skills and win an Xbox One, Surface 3, or one year of full MSDN access
  - Come visit us at the Microsoft Networking Lounge, August 5-6, in Mandalay Bay to review full rules and to participate
- Link Removed
  - RemoteApp lets users run Windows apps hosted in Azure anywhere, and on a variety of devices
  - RemoteApp is being added as a new property of the Link Removed and all of the regular terms and payout rules apply
These additions to the Microsoft Bounty Program will be part of the rigorous security programs at Microsoft. Bounties will be worked alongside the Link Removed (SDL), Link Removed (OSA) framework, regular penetration testing of our products and services, and Link Removed by third party audits.
It has been great to see the reaction from the research community to the Microsoft Edge Bug Bounty, and the Azure addition to the Link Removed. I hope to see equal enthusiasm for these new editions!