Microsoft has launched one other bug bounty program, this time with the aim of constructing its Microsoft Defender-branded services and products extra resilient to assault.
The Microsoft Defender Bounty Program will supply moral hackers between $500 and $20,000 for “important vulnerabilities which have a direct and demonstrable influence on the safety of our clients.”
The most important sum for a novel vulnerability will go to researchers capable of finding essential distant code execution bugs and ship a high-quality report. In-scope vulnerabilities embody cross-site scripting, cross-site request forgery, server-side request forgery, cross-tenant information tampering or entry, and injection vulnerabilities.
This system will at the moment cowl solely Microsoft Defender for Endpoint Public APIs, however it’s anticipated to be expanded to different choices over time.
Learn extra on vulnerability analysis: Microsoft Pays One other $100K Bug Bounty
This system comes simply weeks after Microsoft launched an analogous initiative for its AI-powered Bing expertise. Microsoft additionally has bug bounty packages operating for SharePoint, Microsoft 365, Skype for Enterprise and on-premises Trade.
The information comes because the UK’s Nationwide Cyber Safety Centre (NCSC) introduced a brand new set of non-financial rewards for essentially the most prolific contributors to its Vulnerability Reporting Service (VRS).
The safety company will probably be awarding NCSC Problem Cash “to those that have proven themselves to be exemplars of the vulnerability disclosure group.”
The cash function 4 designs: Ada Lovelace, who is taken into account to be the world’s first programmer; Charles Babbage, the daddy of the pc; Alan Turing, codebreaker and father of recent computing science; and the Bombe, a decryption machine used throughout World Struggle Two.
The VRS was launched by the NCSC in 2018 to encourage researchers to search out vulnerabilities in UK authorities providers. Delivered by the HackerOne platform with assist from NCC Group, it’s now attracting 4 occasions the variety of submissions it acquired 5 years in the past.
