Well, there’s some good news for hackers and bug bounty hunters!
Both tech giants Google and Microsoft have raised the value of the payouts they offer security researchers, white hat hackers and bug hunters who find high severity flaws in their products.
While Microsoft has just doubled its top reward from $15,000 to $30,000, Google has raised its high reward from $20,000 to $31,337, which is a 50 percent rise plus a bonus $1,337 or ‘leet’ award.
In the past few years, every major company, from
, had started Bug Bounty Programs to encourage hackers and security researchers to find and responsibly report bugs in their services and get rewarded.
But since more and more bug hunters are participating in bug bounty programs at every big tech company, hardly any common and easy-to-spot bugs are left, and those that remain rarely have a severe impact.
Sophisticated and remotely exploitable vulnerabilities are a thing now, and they take more time and effort than ever to discover.
So, researchers needed more encouragement to help companies find high-severity vulnerabilities that have become harder to identify.
Until now, Google offered $20,000 for remote code execution (RCE) flaws and $10,000 for unrestricted file system or database access bugs. But these rewards have now been increased to $31,337 and $13,337, respectively.
To earn the top-notch reward of $31,337 from the tech giant, you need to find command injections, sandbox escapes and deserialization flaws in highly sensitive apps, such as Google Search, Chrome Web Store, Accounts, Wallet, Inbox, Code Hosting, Google Play, App Engine, and Chromium Bug Tracker.
Types of vulnerabilities in the unrestricted file system or database access category that can earn you up to $13,337 if they affect highly sensitive services include unsandboxed XML eXternal Entity (XXE) and SQL injection bugs.
Since the launch of its bug bounty program in 2010, Google has paid out over $9 Million, including $3 Million awarded last year.
Microsoft has also raised its payouts from $20,000 to $30,000 for vulnerabilities including cross-site scripting (XSS), cross-site request forgery (CSRF), unauthorized cross-tenant data tampering or access (for multi-tenant services), insecure direct object references injection, server-side code execution, and privilege escalation bugs, in its Outlook and Office services.
Both tech giants are trying their best to eliminate any lucrative vulnerability or backdoor in their software and products, to head off hacking attempts and make them more secure.
Hackers will get the payout reward after submitting the vulnerabilities along with a valid working proof-of-concept.
So, what are you waiting for? Go and Grab them all!
Source: THN : The Hacker News @ March 3, 2017 at 11:18AM