The Microsoft Bounty Program paid out over $2m to security researchers for finding software bugs in its products in 2018 alone and now the company plans to extend its bug bounty program further with a number of improvements intended to better serve the security research community.
For starters, the Cloud, Windows and Azure DevOps programs will now award bounties upon completion of reproduction and assessment of each submission rather than waiting until the final fix has been determined.
By shortening the time from submission to award determination, Microsoft is helping researchers get their bounty rewards faster which should encourage them to continue to do so and may even help draw more researchers to the cause.
The company has also partnered with HackerOne for bounty payment processing and support to delivery bounty awards more efficiently. The hacker-powered security platform will also offer more payment options including PayPal, cryptocurrencies and direct bank transfer in more than 30 currencies.
Microsoft is also raising the top payouts in multiple bounty programs including the Windows Insider Preview bounty which increased from $15k to $50k in January 2019 and the Microsoft Cloud Bounty program for Azure, Office 365 and other online services will increase from $15k to $20k.
The scope of the Cloud bounty has also been expanded and the company plans to further expand the scope and rewards across its programs throughout the year.
https://www.techradar.com/news/microsoft-paid-out-millions-in-bug-bounties-last-year