Skip to main content
MSRC

Bountyprograms

BlueHat v14 is almost here

Monday, October 06, 2014

It’s that time of year and BlueHat v14 is almost upon us. As always, BlueHat is an opportunity for us to bring the brightest minds in security together, both internal and external, to discuss and tackle some of the hardest problems facing the industry today. Through this conference, our engineering teams get deep technical information and education on the latest threats from proven industry experts.

Bug Bounty Evolution: Online Services

Tuesday, September 23, 2014

Today marks the next evolution in bounty programs at Microsoft as we launch the Microsoft Online Services Bug Bounty program starting with Office 365. In our mobile first, cloud first world, this is an exciting and logical evolution to our existing bug bounty programs. Office 365 is the first of our online services groups to launch a bounty for vulnerabilities found in their services and we will bring others into the program as we go forward.

Bounty News Update: Bountiful Harvest

Friday, October 04, 2013

Fall is a season traditionally associated with a harvest after planting the seeds and tending the crops. Today I’m proud to announce the names of six very smart people who have helped us make our products more secure by participating in our new bounty programs. When we launched our bounty programs in June this year, we had a few strategic goals in mind:

Preparing for Live Pwnage: Mitigation Bypass Bounty Machine Specs for Black Hat

Wednesday, July 24, 2013

With about one week to go before we all gather at Black Hat in Las Vegas, we’re getting inquiries about precisely how the promised Live Mitigation Bypass Bounty judging at Black Hat will work. For most of the world, it works best when you get a good spot at the Microsoft booth (#301) around noon each day, so you can clearly see the excitement as some of security’s best and brightest look to pop built-in Windows 8.

Filling A Gap In the Vulnerability Market – First Bounty Notification

Wednesday, July 10, 2013

When Microsoft decided to offer not one but three new bounties, paying outside researchers directly for security research on some of our latest products, we put a lot of thought into developing those bounty programs. We developed a customized set of programs designed to create a win-win between the security researcher community and Microsoft’s customers, by focusing on key data about what researchers were doing with vulnerabilities they found in our products.

New Bounty Programs – One Week In

Wednesday, July 03, 2013

Two weeks ago, Microsoft made an important evolutionary step in our work with the security community when we announced our first-ever bounty programs for security issues. One week ago, the Windows 8.1 Preview and Internet Explorer 11 Preview became available for download, and the doors officially opened for bounty-eligible submissions to secure [at] Microsoft [dot] com.

Doors Open for New Bounty Programs

Thursday, June 27, 2013

As we announced last week, Microsoft is now offering $100,000 bounties for new exploitation techniques that can bypass our latest platform-wide defenses and up to $50,000 bonus bounties for defense ideas. We’re also offering (from now until July 26) bounties of up to $11,000 for critical security issues in Internet Explorer 11 Preview.

Heart of Blue Gold – Announcing New Bounty Programs

Wednesday, June 19, 2013

Our Philosophy At the heart of our community outreach programs, we’ve always had the same philosophy: help increase the win-win between Microsoft’s customers and the security research community. We have evolved and deepened our relationships with this community since the earliest days of Microsoft’s outreach. In the early 2000’s, Microsoft had to go through what I call “the five stages of vulnerability response grief.