Microsoft’s bug bounty system now offers up to $15,000 for finding flaws

Why it matters to you

If you’re a pro at discovering software flaws, Microsoft’s bug bounties now have an unlimited time period and more options for rewards.

Microsoft expanded its existing bug bounty system to include all manner of Windows flaws if they are found within one of its Slow ring Insider builds. Whether you find it in the base operating system itself, or any of its companion software pieces, you may now be able to claim a finder’s fee reward from Microsoft up to $15,000, Ars Technica reports

Bug bounty systems are a tried-and-tested formula for finding bugs before they can see wider exploitation. It turns the practice of discovering flaws into a money-making endeavor, rather than the exploitation of them. Microsoft has seen much success with its own specific bounty systems for software like the Edge browser and exploit-mitigation systems.

Those software-specific bug bounties will remain, but Microsoft is now offering rewards for exploits found in the greater Windows ecosystem. Privilege elevation bugs will see up to a $10,000 payout, while denial of service exploits are worth a more reserved $5,000 to the software giant.

As much as digging for bugs in those areas would be a decent way to earn a living for a number of hackers, regardless of the color hat they wear, Microsoft’s older, more selective bounty systems are still far more lucrative. One key area Microsoft is looking to shore up is its virtual machine Hyper-V system. Find a flaw in that and Microsoft could reward you up to $250,000, whether it is for Windows 10, Server 2012 or a Windows Server Insider preview.

Problems found with the Windows Defender Application Guard come with a $30,000 bounty attached, whereas mitigation bypass bugs could net you as much as $100,000 if discovered.

All of the figures listed are the maximum, however, so most bugs will unlikely earn that much. The smallest payout for any particular category is $500, so don’t expect to retire if you find a singular flaw in a piece of Microsoft software. The potential is there though if your detection skills are strong enough.

You have time to find them too, as most crucially, the new bounties are not time-limited. While in the past the software giant often pushed for bugs to be found within a select time period to help clear up software before launch, with its new bounties it has them all listed as “ongoing,” with no stated plan for finalizing them.