Too many bugs to find? Microsoft increases the bug bounty bonus: up to 160,000 yuan

April 15: Microsoft is expanding its vulnerability bounties and recently announced two new plans, the Dynamics 365 and Power Platform Bounty Program and the M365 Bounty Program. The bounty is increased by up to 30%, from the previous maximum of $20,000 to $26,000 (about 166,000 yuan).

According to a Security Response announcement from Microsoft, "Microsoft hopes to encourage researchers to focus their research on vulnerabilities that have the greatest potential impact on customer privacy and security through bounty rewards for these new scenarios." Some vulnerabilities that are not considered high risk may still qualify for a general bounty, and the company will judge the amount of the bonus based on the severity of the reported vulnerability and the quality of submissions.

It seems that Microsoft is really determined to find and patch vulnerabilities in Windows systems, and is willing to pay a bigger monetary reward for it. But it also indirectly suggests that the latest Win11 may have too many bugs for Microsoft to cope with on its own. Moreover, Microsoft hopes that capable users will prioritize finding vulnerabilities that compromise user privacy, rather than spending energy on small bugs.

It has been nearly a year since Win11 was released, but very few users are really willing to use it and actively upgrade to it. This year's newly released notebooks come with Win11 pre-installed, but many users with hands-on ability choose to reinstall Win10, because Win11 has so many bugs that they affect daily use. Several of Xiao Lei's colleagues upgraded to Win11 and complained every day, and they have now returned to Win10.

Microsoft also asked more than 60,000 employees to upgrade to Win11, and even so, Win11's market share is still pitifully low at only 1.44%, even lower than Win8 (1.99%) and Win XP (1.71%). Win8 was already terrible enough in its day, but it saw far more upgrades than Win11 does now.

Win11 has so many problems that, if they are not solved quickly, this new system is likely to fail as well. Therefore, Microsoft can only raise the bounty in the hope that industry insiders will help find vulnerabilities. However, Microsoft's bounty program is not necessarily perfect: researchers have helped find vulnerabilities before, but Microsoft cut the bounty.

There is also a more outrageous case in China: a white hat helped a platform find a major vulnerability, but the platform turned around and reported the researcher for stealing user data, and in the end the researcher received no reward and was jailed. Therefore, even if you have the ability to help enterprises find vulnerabilities, you should stay mindful of network security issues and never end up committing the crime of hacking into computer systems.