Microsoft’s bug bounty program will now cover Microsoft Defender, with top awards relating to the antivirus software reaching $20,000.
From launch, the Microsoft Defender Bounty Program will only cover Microsoft Defender for Endpoint APIs; however, its scope is expected to broaden over time.
The addition of a new area to the company’s bug bounty scheme comes at a time when the program celebrates its 10th anniversary.
Microsoft Defender Bounty Program
Researchers have been awarded $63 million since the company first unveiled the initiative in 2013, with $60 million being issued in the past five years alone, during which time individuals from 70 countries have successfully identified flaws.
It appears that Redmond isn’t bothered about low- and moderate-severity vulnerabilities in its Defender program because there are no awards available. Instead, only important and critical bugs are of any financial value to researchers.
The company will also rank the reporting quality (high, medium, and low) to determine an individual’s worthiness of a high cash-value reward, which ranges from $500 to $20,000.
Microsoft said in a Defender Bounty Program page that submissions must “include clear, concise, and reproducible steps, either in writing or in video format.”
The page also highlights the other programs: M365 Bounty Program, Azure Bounty Program, Azure DevOps Bounty Program, Microsoft Dynamics 365 Bounty Program, and Microsoft Identity Bounty Program.
Submitting to the right program is likely to speed up processing, however Microsoft promises to route reports to the appropriate program to ensure that researchers are in with the best chance of earning some cash.
More from. TechRadar Pro
- Add an extra layer of security by using the best firewall tools
- Google adds generative AI threats to its bug bounty program
- Protect your device with the best endpoint protection software
