Microsoft has launched the Defender Bounty Program, offering rewards of up to $20,000

Microsoft has recently launched a bug bounty program specifically for the Microsoft Defender security platform. The rewards for identifying vulnerabilities range from $500 to $20,000, with the final payment amount being at the sole discretion of the company. This amount is determined based on the severity and impact of the vulnerability, as well as the quality of the submission, with the highest rewards provided for high-quality reports on critical vulnerabilities.

The current scope of the Microsoft Defender bounty program is limited to Microsoft Defender endpoint APIs, but there are plans to expand this to other Defender products in the future. The program is open to researchers worldwide, who are encouraged to uncover vulnerabilities in Defender products and services and share their findings with the Microsoft team.

The program covers a range of security vulnerabilities including cross-site scripting (XSS), cross-site request forgery (CSRF), server-side request forgery (SSRF), insecure direct object references (IDORs), unsafe deserialization, code injection vulnerabilities, and executing code on the server side.

It's important to note that if an application is eligible for multiple award programs, researchers will receive the maximum lump sum payment from only one program. More information about the Microsoft Bounty program can be found on their official website.

As part of this initiative, Microsoft reveals that it has paid $58.9 million in rewards to 1,147 security researchers worldwide who reported 446 vulnerabilities across 22 programs. This study period began in July 2018 and ran through June 2023.

In addition to the Defender program, Microsoft has introduced additional rewards programs for AI-powered Bing, with payouts capped at $15,000. The company has also extended its bounty program to include bugs in Exchange, SharePoint, and Skype for Business, and has increased the maximum payouts for detecting serious vulnerabilities in Microsoft 365.

For a comprehensive list of potential rewards for discovering bugs in Microsoft products, please visit the official website.

Support us

Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:

If you like this article, please share it using the buttons below. It won't take a lot from you, but it will help us grow. Thanks for your support!

Author: Sergey Tkachenko

Sergey Tkachenko is a software developer who started Winaero back in 2011. On this blog, Sergey is writing about everything connected to Microsoft, Windows and popular software. Follow him on Telegram, Twitter, and YouTube.

Leave a Reply

Your email address will not be published.

Exit mobile version
Using Telegram? Subscribe to the blog channel!
Hello. Add your message here.