Microsoft's joined the growing list of vendors trying to compete with black-hat and spook vulnerability-buyers by doubling some of its reward offerings to $100,000.
With Windows 10 now on user machines (and already receiving both a security patch and criticism over its Wi-Fi defaults), Redmond's used BlackHat USA 2015 to announce the new top rate (under its Bounty for Defense program) along with a slew of other revisions.
Microsoftie Jason Shirk announced the changes in this Technet blog post.
The change brings the defensive bounty in line with what's on offer for offense research, Shirk says, and “rewards the novel defender equally for their research”.
In other words, Microsoft's decided great protection ideas might be as valuable as tipping money in the direction of people who find ways to break things.
Other changes to the program include:
- Azure Active Directory and Microsoft Account authentication vulnerabilities also get their payouts doubled until October 5 2015, for a maximum $30,000;
- RemoteApp (which lets Windows users run apps hosted in Azure) has been added to the Online Services Bug Bounty program.