Microsoft has introduced a new bug bounty program focused on enhancing the security of its Microsoft Defender platform. The program offers rewards ranging from $500 to $20,000, with the highest payouts reserved for high-quality reports of critical severity remote code execution vulnerabilities.
While Microsoft retains the discretion to determine final reward amounts based on factors like vulnerability severity and impact, the initiative encourages global researchers to identify and share vulnerabilities in Defender products and services. The initial scope of the program concentrates on Microsoft Defender for Endpoint APIs, with plans for expansion to encompass other Defender products in the future.
The Microsoft Defender Bounty Program emphasizes collaboration with the global security research community to strengthen the protection of Microsoft customers. MSRC Senior Program Manager Madeline Eckert invites researchers worldwide to identify vulnerabilities in Defender products and services and share their findings with the Microsoft team.
The comprehensive list of in-scope security vulnerabilities includes categories such as cross-site scripting, cross-tenant data tampering, and server-side code execution. Under Microsoft’s bug bounty guidelines, when multiple researchers file reports on the same issue, the reward goes to the first submission.
The bug bounty program aligns with Microsoft’s commitment to security partnerships and represents one of the company’s investments in collaborating with the global security research community. The initiative aims to encourage researchers to uncover vulnerabilities and provide valuable insights to enhance the overall security of Microsoft Defender.
With an initial focus on Defender for Endpoint APIs, the program reflects Microsoft’s proactive approach to addressing potential security threats and fostering a collective effort towards cybersecurity.