Microsoft has introduced a new bounty program targeting its Microsoft Defender suite of security products. With the offer of substantial financial rewards, Microsoft aims to bolster the security mechanisms of its software by leveraging the skills of security researchers worldwide.
Rewards and Criteria
Under the new program, security researchers have an incentive to discover vulnerabilities in the Microsoft Defender for Endpoint APIs, the focus of the initial phase of the bounty program. Over time, the scope of this initiative will expand to include other components within the Microsoft Defender brand.
On Microsoft's dedicated bounty page, the criteria for eligibility are outlined: identified bugs must pertain to tampering, spoofing, information disclosure, or privilege elevation to qualify for cash rewards ranging from $500 to $8,000, based on the severity of the bug.
Top Rewards for Critical Flaws
The most substantial payouts, however, are reserved for the discovery of Remote Code Execution (RCE) vulnerabilities in Defender. Researchers identifying RCE issues stand to earn from $5,000 to $20,000. Furthermore, for bugs concerning Microsoft's Bing AI services unveiled earlier, Microsoft offers up to $15,000 in bounties.