Microsoft, Google boost bounty payouts

March 3, 2017 // 12:17 p.m.

Tags: #0day #0-day #bug-bounty #google #microsoft #security #security-researcher #vulnerability #zero-day

Microsoft and Google have both announced increased payouts for their respective bug bounty programmes, which offer security researchers cash in exchange for private disclosure of critical security flaws.

Bug bounty programmes are becoming increasingly popular among technology companies, with Apple recently launching its own following Microsoft's 2013 launch and Google's long-running, publicly accessible programmes. For every company willing to pay large sums for security flaws, though, there's a malicious actor waiting in the wings to pay even more - which is, it's fair to surmise, likely why both Google and Microsoft have announced that they are increasing their bounty payouts.

Microsoft's programme expansion runs through until May this year and doubles the value of vulnerabilities discovered in its Exchange Online and Office 365 Admin platforms from a minimum payout of $500 to $1,000 and a maximum payout of $15,000 to $30,000. Other bounty programmes run by the company, including those paying out for bugs found in its Windows platform, have not been increased. Google, meanwhile, is increasing its own bounties while also paying homage to 133t h4ck3r culture: Remote code execution vulnerabilities are now eligible for payouts of up to $31,337 from $20,000 and file system or database access vulnerabilities up to $13,337 from $10,000. Payouts for other vulnerabilities - including cross-site scripting attacks and security control bypass attacks - remain unchanged.

Those who fancy chancing their arm at finding an eligible flaw can find more information regarding the bounties on Microsoft's Security TechCentre and Google's Reward Programme hub.

QUICK COMMENT

View this in the forums

SUBSCRIBE TO OUR NEWSLETTER

WEEK IN REVIEW

TOP STORIES

SUGGESTED FOR YOU