Microsoft Bounty Program Offers Larger Rewards For Bug Hunters (betanews.com) 18
Microsoft, which already offers one of the biggest bug bounty programs, said today it is increasing the payouts it makes and the time it takes to push the payments. From a report: A key change in policy is that Microsoft will no longer wait until a fix has been produced for a bug until making a payout -- now the only requirement is that a bug can be reproduced. This is thanks in part to a partnership with HackerOne. [...] The maximum bounty has increased from $15,000 to $50,000 for the Windows Insider Preview bounty and from $15K to $20K for the Microsoft Cloud Bounty.
Nice and all (Score:2)
You would think they would have enough for a QA person or 2.
But then again, M$ consumers have always been beta testers unwilling.
Re: (Score:2)
It's not just M$. :(
Here's some money ... (Score:2)
... please work on fixing the stuff my engineers don't even know about but delivered anyway.
Isnt that illegal? (Score:2)
I am pretty sure you can't offer a reward for catching a bug hunter. Not unless they have committed a crime.
I know that software companies assume all bug hunters are actually criminals, but you still have to prove they used the bugs to commit a crime, you can't just offer a reward for catching a bug hunter.
Yeah, I know some of you are thinking the poster meant to write a reward TO bug hunters, but we are talking about a major tech companies here, not people known for actually caring about the bugs in thei
Re: (Score:2)
Or he was making a joke and you did not get it. A sure sign of this is the questioning of their intelligence.
Re: (Score:2)
Some simple advice - when you as "what the @#$", you should consider "Is this person making an obtuse joke or is he serious?"
Perhaps a typo (Score:2)
" it is increasing the payouts it makes and the time it takes to push the payments."
Probably more accurate to say "increasing the payouts and DECREASING the time it takes to push the payments."
Am I the only one who remembers... (Score:2)
...when MS would charge you to report a bug?
Dear $Corporation (Score:2)
If you want folks to participate in your bug bounty programs, you need to keep a simple fact in mind.
Your bounties MUST pay out more than what a found exploit can be sold for on the open market.
It is really that simple.
Why would I divulge an exploit to $Corporation for a $10k prize, if I could sell it to multiple third parties for $100k each ?
You will be going up against folks with very deep pockets: Intelligence Agencies, Governments and Hacking Groups free lancing for either ( or both ).
So, quit being ch