Date:09/04/19
Microsoft paid a total of $2 million for security flaws as part of the company’s bug bounty programs last year, so the company is implementing a series of changes that would further refine its collaboration with security researchers across the world.
One of the changes announced today concerns the payments that Microsoft makes as part of its bounty programs, as the software giant says it wants the financial rewards to be offered faster.
Payments will now be processed by HackerOne, Microsoft says, and additional options are offered, including not only PayPal, but also crypto currency.
“Microsoft is partnering with HackerOne for bounty payment processing and support to deliver bounty awards efficiently and with more options like PayPal, crypto currency, or direct bank transfer in more than 30 currencies. HackerOne also supports award splitting and charity donations. Additionally, Microsoft bounty awards processed through HackerOne will contribute to your overall reputation score on the HackerOne platform,” Jarek Stanley, Senior Program Manager at Microsoft, says.
There’s also an updated policy for duplicates, which concerns security vulnerabilities reported by researchers, but which were already known internally.
“The first researcher to report a bounty-eligible vulnerability will receive the full eligible bounty award, even if it is internally known. There is no change to our policy regarding duplicate external reports of the same vulnerability,” the Microsoft employee further added.
What’s important to know is that despite the payments now being processed through HackerOne, vulnerability reports must be sent to Microsoft directly, and the company says researchers can submit them at secure@microsoft.com.
Earlier this year, Microsoft also announced increased awards for a number of vulnerabilities. For example, flaws discovered for the Windows Insider Preview bounty now start at $50,000, up from $15,000 originally, while a bug in products like Azure, Office 365, and other online services can bring you at least $20,000 as part of the bounty program.
Microsoft Paid $2 Million for Security Bugs Last Year
Microsoft paid a total of $2 million for security flaws as part of the company’s bug bounty programs last year, so the company is implementing a series of changes that would further refine its collaboration with security researchers across the world.One of the changes announced today concerns the payments that Microsoft makes as part of its bounty programs, as the software giant says it wants the financial rewards to be offered faster.
Payments will now be processed by HackerOne, Microsoft says, and additional options are offered, including not only PayPal, but also crypto currency.
“Microsoft is partnering with HackerOne for bounty payment processing and support to deliver bounty awards efficiently and with more options like PayPal, crypto currency, or direct bank transfer in more than 30 currencies. HackerOne also supports award splitting and charity donations. Additionally, Microsoft bounty awards processed through HackerOne will contribute to your overall reputation score on the HackerOne platform,” Jarek Stanley, Senior Program Manager at Microsoft, says.
There’s also an updated policy for duplicates, which concerns security vulnerabilities reported by researchers, but which were already known internally.
“The first researcher to report a bounty-eligible vulnerability will receive the full eligible bounty award, even if it is internally known. There is no change to our policy regarding duplicate external reports of the same vulnerability,” the Microsoft employee further added.
What’s important to know is that despite the payments now being processed through HackerOne, vulnerability reports must be sent to Microsoft directly, and the company says researchers can submit them at secure@microsoft.com.
Earlier this year, Microsoft also announced increased awards for a number of vulnerabilities. For example, flaws discovered for the Windows Insider Preview bounty now start at $50,000, up from $15,000 originally, while a bug in products like Azure, Office 365, and other online services can bring you at least $20,000 as part of the bounty program.
Views: 375
©ictnews.az. All rights reserved.
Similar news
- Azerbaijani project to monitor disease via mobile phones
- Innovative educational system to be improved under presidential decree
- NTRC prolongs license of two TV and radio organizations for 6 years
- Azerbaijan establishes e-registry for medicines
- Azerbaijani museum introduces e-guide
- Nar Mobile opens “Nar Dunyasi” sales and service center in Siyazan city
- International conference on custom electronic services held in Baku
- OIC secretary general to attend COMSTECH meeting in Baku
- Azerbaijan develops earthquake warning system
- New law to regulate transition to digital broadcasting in Azerbaijan
- Azerbaijani State Social Protection Fund introduces electronic digital signature
- Intellectual traffic management system in Baku to be commissioned in December
- Tax Ministry of Azerbaijan started receiving video-addresses
- World Bank recommends Azerbaijan to speed up e-service introduction in real estate
- Azerbaijan to shift to electronic registration of real estate
