Microsoft wants to reward users more quickly as part of its improvements to its Microsoft Bounty Program. Additionally, the company wants to increase rewards for exploits. To become more efficient in paying hackers, Microsoft has announced a partnership with HackerOne.
If you are unfamiliar with the Bounty Program, it is an initiative that gives hackers rewards for finding flaws in Microsoft Windows, Azure DevOps, and Cloud solutions. The Bounty Program has extended across Azure (April 2015) and Office 365 (August 2015). In September 2016, the Bug Bounty also extended to the Microsoft Edge Insider Program.
During 2018, the Microsoft Bounty Program debuted as a catch-all program.
In an announcement this week, Microsoft says it wants to pay faster when a spotter finds an exploit and successfully reproduces it. Currently, payouts only happen once Microsoft has issued a fix for the vulnerability.
HackerOne will provide the underpinning of a new faster payment system. The company will offer different payment options, such as cryptocurrency, bank transfer, or PayPal.
Microsoft says since its launch, the Microsoft Bounty Program has awarded over $2 million to hackers who found holes in its services. However, the company wants to do more, so it has increased payments.
Windows Insiders who find a vulnerability can now receive $50,000, a sizeable increase from the previous $15,000. Any successful exploit of Azure, Office 365, or another online service will now receive $20,000.
Furthermore, the first researcher to find a vulnerability will now receive the full reward. Microsoft points out this will be paid even if the company already knew about the issue internally. Previously, Redmond would only pay out 10% of a bounty if it already knew of a vulnerability.