
Bounty News Update: Bountiful Harvest

Fall is a season traditionally associated with a harvest after planting the seeds and tending the crops. Today I’m proud to announce the names of six very smart people who have helped us make our products more secure by participating in our new bounty programs. When we launched our bounty programs in June this year, we had a few strategic goals in mind:

  • Increase the win-win between the hacker/security researcher community and Microsoft’s customers, and build relationships with new researchers in the process
  • Receive more vulnerability reports earlier in the release cycle of our products, ideally during the beginning of the preview (or beta) period
  • Learn about new exploitation techniques that can be used to defeat our platform-wide defenses, so we can build protections against entire classes of attack

Now that we have permission from the bounty program recipients to publish their names and bounty amounts, I’ll list them all here. You may have seen a few congratulatory and celebratory tweets; we wanted to officially acknowledge these security researchers who have helped our customers by participating in our bounty programs.

On behalf of over a billion customers, THANK YOU!

James Forshaw
Ivan Fratric
Jose Antonio Vazquez Gonzalez
Masato Kinugawa
Fermin J. Serna
Peter Vreugdenhil

I am also thrilled to highlight a few of our bounty program results:

Overall:

We’ve worked with so many bright security researchers through the years, and are thrilled that through the bounty programs, we received reports from researchers who had never reported to us directly before. This means we have even more great minds interested in working directly with us to help make our products more secure.

IE11 Preview Bug Bounty:

During the first 30 days of the IE11 preview period we received several vulnerabilities that qualified for a bounty, in contrast to the first 30 days of the IE10 beta, when we did not receive any bulletin-class reports. The Preview period is a great time for us to receive these reports because we can address these issues earlier. Oftentimes, researchers do not report these findings until after code is released to manufacturing. With these submissions, we will be able to address these vulnerabilities earlier in the process, providing a more secure version of Internet Explorer.

As the leaves turn colors and the temperatures cool off, I’m happy to be sharing the bountiful harvest of our programs, started as seeds planted in early summer. It’s been a great first three months of Microsoft’s bounty programs, and we’re overjoyed that our programs have been met with great participation and enthusiasm from the hacker community.

Stay tuned for more news coming soon!

Katie Moussouris
Senior Security Strategist, Microsoft Security Response Center
https://twitter.com/k8em0 (that’s a zero)
