What are the two ways a developer can be surprised by a major or minor vulnerability in their software? First: hackers make an unprecedented attack on your software, the successful hack makes the news worldwide, and your credibility is ruined. Second: run a bug bounty program that invites ethical and non-ethical hackers to take an expected shot at finding major flaws in the programming, in exchange for the huge sum offered as a bounty. A firm as big as Microsoft has decided to go with the latter.
As part of the Microsoft bug bounty program, the company has offered to pay up to $250,000 to invite security firms and researchers to find bugs in the current Windows operating systems. The aim is to ensure that the bugs are removed and corrected, for a seamless user experience. The Microsoft bug bounty program is not limited to operating systems; it also covers all other software developed by Microsoft.
Microsoft has taken this positive step following the major hacking attempts, and the success hackers have had, in the recent past, such as the WannaCry and Petya ransomware attacks, which reportedly affected thousands or maybe millions of computers running Windows OS worldwide. In a press release regarding the bug bounty program, Microsoft said the following:
“Security is always changing, and we prioritise different types of vulnerabilities at different points in time. Microsoft strongly believes in the value of the bug bounties, and we trust that it serves to enhance our security capabilities.”
Microsoft launched small bug bounty programs in the recent past, and following their success in identifying issues such as unauthorized remote code execution, mitigation bypass and much more, it has decided to come up with a larger and more widespread Microsoft bug bounty program.
Microsoft also stated that, to maintain its level of security and quality on Windows and other products, it is launching this program from 26th July 2017, and that the program will continue indefinitely until Microsoft chooses to end it.
The handlers of the Microsoft bug bounty program have also released a list of the products they want targeted, as follows:
- Windows 10, Windows Server 2012 and Insider Previews
- Microsoft Hyper-V
- Mitigation Bypass Techniques
- Windows Defender Application Guard
- Microsoft Edge Browser
If you have the skills, be part of this Microsoft bug bounty program and earn money!