Security News > 2020 > July > Microsoft Adds Scenario-Based Rewards to Windows Insider Preview Bounty Program

Microsoft announced last week that it has added scenario-based rewards to the Windows Insider Preview Bounty Program, with a top bounty of $100,000.

As part of the WIP program, eligible researchers are invited by Microsoft to find vulnerabilities in the Windows Insider Preview Dev Channel, with general rewards ranging between $500 for denial-of-service issues and $5,000 for remote code execution flaws.

As for local attack vectors, Microsoft is prepared to pay up to $20,000 for a sandbox escape with little or no user interaction, and for access to private user data from a sandboxed process without any user interaction.

"To enable faster triage and review of WIP bounty submissions and ultimately get awards to researchers faster, we ask that all Windows vulnerability reports indicate if the issue reproduces on WIP Dev Channel, and include the build and revision string in your report," Jarek Stanley, senior program manager at MSRC, explained in a blog post.

"To further speed bounty review, we recommend using the MSRC Researcher Portal to report vulnerabilities to Microsoft. We've updated the portal user experience to streamline communication of the data necessary to triage, assess, and award bounty for qualifying submissions. If you think you've found a vulnerability that qualifies for a scenario-based bounty award, there are new fields in the MSRC Researcher Portal to indicate the scenario in your report," Stanley added.

News URL

http://feedproxy.google.com/~r/Securityweek/~3/7qwP5FfRbOY/microsoft-adds-scenario-based-rewards-windows-insider-preview-bounty-program