{"id":4021,"date":"2019-08-06T16:34:55","date_gmt":"2019-08-06T20:34:55","guid":{"rendered":"https:\/\/solutionsreview.com\/endpoint-security\/?p=4021"},"modified":"2019-08-06T16:34:55","modified_gmt":"2019-08-06T20:34:55","slug":"exploring-bug-bounties-with-microsofts-bug-bounty-challenge","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/endpoint-security\/exploring-bug-bounties-with-microsofts-bug-bounty-challenge\/","title":{"rendered":"Exploring Bug Bounties With Microsoft&#8217;s Bug Bounty Challenge"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-3267\" src=\"https:\/\/solutionsreview.com\/endpoint-security\/files\/2018\/10\/blockchain-mod.jpg\" alt=\"Exploring Bug Bounties With Microsoft's Bug Bounty Challenge\" width=\"800\" height=\"400\" srcset=\"https:\/\/solutionsreview.com\/endpoint-security\/files\/2018\/10\/blockchain-mod.jpg 800w, https:\/\/solutionsreview.com\/endpoint-security\/files\/2018\/10\/blockchain-mod-300x150.jpg 300w, https:\/\/solutionsreview.com\/endpoint-security\/files\/2018\/10\/blockchain-mod-768x384.jpg 768w, https:\/\/solutionsreview.com\/endpoint-security\/files\/2018\/10\/blockchain-mod-540x270.jpg 540w, https:\/\/solutionsreview.com\/endpoint-security\/files\/2018\/10\/blockchain-mod-162x81.jpg 162w, https:\/\/solutionsreview.com\/endpoint-security\/files\/2018\/10\/blockchain-mod-360x180.jpg 360w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Recently, at the Black Hat 2019 conference, technology giant and <a href=\"https:\/\/solutionsreview.com\/endpoint-security\/free-endpoint-protection-buyers-guide\/\" target=\"_blank\" rel=\"noopener noreferrer\">cybersecurity provider<\/a> Microsoft made two startling announcements:\u00a0<\/span><\/p>\n<ol style=\"text-align: justify\">\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Over the past year, Microsoft paid hackers a grand total of $4.4 million.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">They issued an outright challenge to hackers who feel confident and aggressive to attack them.\u00a0<\/span><\/li>\n<\/ol>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">While both announcements appear shocking, in context Microsoft\u2019s action actually make complete sense. The key is to filter their actions and statements through the filter of a bug bounty program.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\"><div class=\"widget\"><div class=\"aside-card\">\t\t\t<div class=\"textwidget\"><p><a class=\"#\" href=\"https:\/\/solutionsreview.com\/endpoint-security\/free-endpoint-protection-buyers-guide\/\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-1682\" src=\"https:\/\/solutionsreview.com\/endpoint-security\/files\/2019\/01\/endpoint-security-speedbump-cta.jpg\" alt=\"Download Link to Endpoint Security Buyer's Guide\" width=\"800\" height=\"225\" \/><\/a><\/p>\n<\/div>\n\t\t<\/div><\/div><\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">What is a bug bounty program? How does Microsoft\u2019s actions compare to other bug bounty programs? Should your enterprise implement a bug bounty program?<\/span><\/p>\n<h2 style=\"text-align: justify\"><b>What is a Bug Bounty Program?\u00a0<\/b><\/h2>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">First, we need to define bug bounties for the uninitiated.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">A bug bounty program refers to a deal offered by enterprises to individuals who discover bugs on their networks. By definition, \u201cbugs\u201d can include anything from security holes to exploits and other digital vulnerabilities. Usually, enterprises use their bug bounty programs to discover and close vulnerabilities before they become public knowledge.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Generally, bug bounties tend to offer money for the discovery of security. In fact, some companies have run into trouble as a result of trying to avoid paying its bug discoverers. Famously, Yahoo tried to pay its white-hat hackers with t-shirts.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">However, this leads to another question enterprises need to understand\u2026.\u00a0<\/span><\/p>\n<h2 style=\"text-align: justify\"><b>Who Participates in Bug Bounty Programs? <\/b><span style=\"font-weight: 400\">\u00a0<\/span><\/h2>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Many people conflate hackers with all digital threat actors. Indeed, the editors of Solutions Review also tend to fuel this discourse. However, that doesn\u2019t quite bear out in reality.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The term \u201chacker\u201d simply refers to any individual who breaks into computer systems and software. This can include white-hat hackers\u2014which include security researchers looking for bugs\u2014and threat actors. Ultimately, the intention and actions of the hacker determine which identity they possess. If the actor comes to your enterprise with news of a bug and didn\u2019t exploit it, they qualify as a white-hat hacker.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">For years, white-hat hackers received rather unfair treatment; some enterprises and institutions threatened them with legal recourse. Yet white-hat hackers only seek to help enterprises stay strong. Bug bounty programs don\u2019t invite malicious hackers any more than any other vulnerability; in fact, you could say hackers would try to attack regardless.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">With both of these facts in mind, we come across another question: how should your enterprise handle its\u2019 own bug bounty program?\u00a0<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>How to Run A Program of Your Own<\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">To establish your enterprise\u2019s own bug bounty program, follow these steps:\u00a0<\/span><\/p>\n<ul style=\"text-align: justify\">\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Establish your goals. Are you looking for general protection or is there something, in particular, you want protection for like a continuous code.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Allocate the necessary funds and resources to establishing your bug bounty.<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Define your bounty in clear, unambiguous terms. Indeed, you need to establish what exactly qualifies a vulnerability that warrants a payment to avoid any complaints. Additionally, you need to establish the procedure for documenting and reporting any discovered bugs.<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Through endpoint security capabilities, ensure visibility throughout your network.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Finally, have a plan to review and remediate discovered bugs. You need the flexibility to respond quickly when you receive a threat report; if you receive word of a threat and don\u2019t respond promptly, that can actually backfire on your reputation.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400\"><span style=\"font-weight: 400\">Also, you need to be ready to pay your white-hat hackers.\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><\/li>\n<\/ul>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Furthermore, you need to make sure your enterprise understand the bug bounty program and can work with it.\u00a0\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Of course, this leads to perhaps the most prickly question of all:\u00a0<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>How Much Should You Pay?\u00a0<\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">When Microsoft announced its bug bounty program, they declared the top prize for an Azure bug discovery as $40,000. Contextually, $40,000 constitutes a year\u2019s salary for many employees.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Now, Microsoft bears the distinction of being one of the largest companies in the world. Additionally, Microsoft expressed extreme confidence in the strength of its digital perimeter (usually not an advisable attitude in cybersecurity).\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">In short, your enterprise doesn\u2019t need to offer quite that much for its own program. What matters here is that the severity of each threat discovered should determine the payout. A vulnerability with low risk should pay less than a critical vulnerability.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">From there, your program payout should depend on the size of your business. An SMB can get away with a $150 payout for a low severity security hole. Meanwhile, a global enterprise may have to pay up to $1,000 for a similar threat.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">However, for the most critical threats, SMBs should consider paying anywhere around $2,000, where a global business may need to pay out around $10,000. While still lower than the Microsoft payout, that amount still proves intimidating. Yet the monetary damage of a breach usually trumps that amount.\u00a0 \u00a0\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Regardless, you want to encourage white-hat hackers to examine your business critically and form a positive relationship with you. Additionally, a good payout can encourage a less scrupulous hacker to take the payout rather than sell the info on the Dark Web.\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><\/p>\n<h3 style=\"text-align: justify\"><b>Do You Need a Bug Bounty Program?<\/b><\/h3>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">According to the FBI, over 4,000 ransomware attacks occur daily. Moreover, 230,000 new malware samples are produced every day. That doesn&#8217;t even cover threats like cryptojacking and fileless malware, both of which exploit new kinds of security vulnerabilities. The number of threats your enterprise faces only increases. Also, hackers continually work to make their cyber attacks more effective at penetrating.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Eventually, no matter the strength of your digital perimeter, something can and will break through the perimeter. However, with a bug bounty program, your enterprise can close security vulnerabilities before hackers find them.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">In other words, you can embrace strategies which only strengthen your perimeter. Of course, your enterprise can also improve its visibility and its endpoint protection through a next-generation solution.\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Obviously, pairing endpoint security and a bug bounty program fortifies your enterprise as much as possible. In cybersecurity, you always pick the choice which makes your business stronger.\u00a0\u00a0\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">To help you determine your use case, we offer our <a href=\"https:\/\/solutionsreview.com\/endpoint-security\/free-endpoint-protection-buyers-guide\/\" target=\"_blank\" rel=\"noopener noreferrer\">2019 Endpoint Security Buyer\u2019s Guide<\/a>. In it, we cover the top solution providers and their key capabilities. Also, we provide a Bottom Line analysis for each vendor. Our guide can help you determine your business use case and help you find the right fit.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\"><div class=\"widget\"><div class=\"aside-card\">\t\t\t<div class=\"textwidget\"><p><a class=\"#\" href=\"https:\/\/solutionsreview.com\/endpoint-security\/free-endpoint-protection-buyers-guide\/\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-1682\" src=\"https:\/\/solutionsreview.com\/endpoint-security\/files\/2019\/01\/endpoint-security-speedbump-cta.jpg\" alt=\"Download Link to Endpoint Security Buyer's Guide\" width=\"800\" height=\"225\" \/><\/a><\/p>\n<\/div>\n\t\t<\/div><\/div><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Recently, at the Black Hat 2019 conference, technology giant and cybersecurity provider Microsoft made two startling announcements:\u00a0 Over the past year, Microsoft paid hackers a grand total of $4.4 million.\u00a0 They issued an outright challenge to hackers who feel confident and aggressive to attack them.\u00a0 While both announcements appear shocking, in context Microsoft\u2019s action actually [&hellip;]<\/p>\n","protected":false},"author":41,"featured_media":3267,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[2,335],"tags":[31,251,1068,75,22,13,161,381,84],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Exploring Bug Bounties With Microsoft&#039;s Bug Bounty Challenge<\/title>\n<meta name=\"description\" content=\"What is a bug bounty program? How does Microsoft\u2019s actions compare to other programs? Should your enterprise implement a bug bounty program?\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/endpoint-security\/exploring-bug-bounties-with-microsofts-bug-bounty-challenge\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Exploring Bug Bounties With Microsoft&#039;s Bug Bounty Challenge\" \/>\n<meta property=\"og:description\" content=\"What is a bug bounty program? How does Microsoft\u2019s actions compare to other programs? Should your enterprise implement a bug bounty program?\" \/>\n<meta property=\"og:url\" content=\"https:\/\/solutionsreview.com\/endpoint-security\/exploring-bug-bounties-with-microsofts-bug-bounty-challenge\/\" \/>\n<meta property=\"og:site_name\" content=\"Endpoint Security &amp; Protection Platforms | Solutions Review\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/solutionsreview\" \/>\n<meta property=\"article:published_time\" content=\"2019-08-06T20:34:55+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/solutionsreview.com\/endpoint-security\/files\/2018\/10\/blockchain-mod.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Ben Canner\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@InfoSec_Review\" \/>\n<meta name=\"twitter:site\" content=\"@InfoSec_Review\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ben Canner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/solutionsreview.com\/endpoint-security\/exploring-bug-bounties-with-microsofts-bug-bounty-challenge\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/endpoint-security\/exploring-bug-bounties-with-microsofts-bug-bounty-challenge\/\"},\"author\":{\"name\":\"Ben Canner\",\"@id\":\"https:\/\/solutionsreview.com\/endpoint-security\/#\/schema\/person\/357f925262827fcf840b4341920a1541\"},\"headline\":\"Exploring Bug Bounties With Microsoft&#8217;s Bug Bounty Challenge\",\"datePublished\":\"2019-08-06T20:34:55+00:00\",\"dateModified\":\"2019-08-06T20:34:55+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/endpoint-security\/exploring-bug-bounties-with-microsofts-bug-bounty-challenge\/\"},\"wordCount\":1042,\"publisher\":{\"@id\":\"https:\/\/solutionsreview.com\/endpoint-security\/#organization\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/endpoint-security\/exploring-bug-bounties-with-microsofts-bug-bounty-challenge\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/endpoint-security\/files\/2018\/10\/blockchain-mod.jpg\",\"keywords\":[\"Best Practices\",\"Bug Bounty\",\"Bug Bounty Program\",\"Cybersecurity\",\"Endpoint Protection\",\"Endpoint Security\",\"Infosec\",\"Microsoft\",\"Security\"],\"articleSection\":[\"Best Practices\",\"Featured\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/endpoint-security\/exploring-bug-bounties-with-microsofts-bug-bounty-challenge\/\",\"url\":\"https:\/\/solutionsreview.com\/endpoint-security\/exploring-bug-bounties-with-microsofts-bug-bounty-challenge\/\",\"name\":\"Exploring Bug Bounties With Microsoft's Bug Bounty Challenge\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/endpoint-security\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/endpoint-security\/exploring-bug-bounties-with-microsofts-bug-bounty-challenge\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/endpoint-security\/exploring-bug-bounties-with-microsofts-bug-bounty-challenge\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/endpoint-security\/files\/2018\/10\/blockchain-mod.jpg\",\"datePublished\":\"2019-08-06T20:34:55+00:00\",\"dateModified\":\"2019-08-06T20:34:55+00:00\",\"description\":\"What is a bug bounty program? How does Microsoft\u2019s actions compare to other programs? Should your enterprise implement a bug bounty program?\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/endpoint-security\/exploring-bug-bounties-with-microsofts-bug-bounty-challenge\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/endpoint-security\/exploring-bug-bounties-with-microsofts-bug-bounty-challenge\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/endpoint-security\/exploring-bug-bounties-with-microsofts-bug-bounty-challenge\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/endpoint-security\/files\/2018\/10\/blockchain-mod.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/endpoint-security\/files\/2018\/10\/blockchain-mod.jpg\",\"width\":800,\"height\":400,\"caption\":\"IDC Survey Finds Over a Third of Businesses Hit by Ransomware\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/endpoint-security\/exploring-bug-bounties-with-microsofts-bug-bounty-challenge\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/endpoint-security\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Exploring Bug Bounties With Microsoft&#8217;s Bug Bounty Challenge\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/endpoint-security\/#website\",\"url\":\"https:\/\/solutionsreview.com\/endpoint-security\/\",\"name\":\"Endpoint Security &amp; Protection Platforms | Solutions Review\",\"description\":\"Evaluating Enterprise EPP Software, Next-Gen Antivirus &amp; EDR Solutions.\",\"publisher\":{\"@id\":\"https:\/\/solutionsreview.com\/endpoint-security\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/endpoint-security\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/solutionsreview.com\/endpoint-security\/#organization\",\"name\":\"Solutions Review\",\"url\":\"https:\/\/solutionsreview.com\/endpoint-security\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/endpoint-security\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/solutionsreview.com\/endpoint-security\/files\/2016\/05\/SR_Icon.png\",\"contentUrl\":\"https:\/\/solutionsreview.com\/endpoint-security\/files\/2016\/05\/SR_Icon.png\",\"width\":200,\"height\":200,\"caption\":\"Solutions Review\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/endpoint-security\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/solutionsreview\",\"https:\/\/x.com\/InfoSec_Review\",\"https:\/\/www.linkedin.com\/company\/cyber-security-solutions-review\",\"https:\/\/www.youtube.com\/user\/SolutionsReview\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/endpoint-security\/#\/schema\/person\/357f925262827fcf840b4341920a1541\",\"name\":\"Ben Canner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/endpoint-security\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"caption\":\"Ben Canner\"},\"description\":\"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.\",\"url\":\"https:\/\/solutionsreview.com\/endpoint-security\/author\/bcanner\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Exploring Bug Bounties With Microsoft's Bug Bounty Challenge","description":"What is a bug bounty program? How does Microsoft\u2019s actions compare to other programs? Should your enterprise implement a bug bounty program?","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/endpoint-security\/exploring-bug-bounties-with-microsofts-bug-bounty-challenge\/","og_locale":"en_US","og_type":"article","og_title":"Exploring Bug Bounties With Microsoft's Bug Bounty Challenge","og_description":"What is a bug bounty program? How does Microsoft\u2019s actions compare to other programs? Should your enterprise implement a bug bounty program?","og_url":"https:\/\/solutionsreview.com\/endpoint-security\/exploring-bug-bounties-with-microsofts-bug-bounty-challenge\/","og_site_name":"Endpoint Security &amp; Protection Platforms | Solutions Review","article_publisher":"https:\/\/www.facebook.com\/solutionsreview","article_published_time":"2019-08-06T20:34:55+00:00","og_image":[{"width":800,"height":400,"url":"https:\/\/solutionsreview.com\/endpoint-security\/files\/2018\/10\/blockchain-mod.jpg","type":"image\/jpeg"}],"author":"Ben Canner","twitter_card":"summary_large_image","twitter_creator":"@InfoSec_Review","twitter_site":"@InfoSec_Review","twitter_misc":{"Written by":"Ben Canner","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/solutionsreview.com\/endpoint-security\/exploring-bug-bounties-with-microsofts-bug-bounty-challenge\/#article","isPartOf":{"@id":"https:\/\/solutionsreview.com\/endpoint-security\/exploring-bug-bounties-with-microsofts-bug-bounty-challenge\/"},"author":{"name":"Ben Canner","@id":"https:\/\/solutionsreview.com\/endpoint-security\/#\/schema\/person\/357f925262827fcf840b4341920a1541"},"headline":"Exploring Bug Bounties With Microsoft&#8217;s Bug Bounty Challenge","datePublished":"2019-08-06T20:34:55+00:00","dateModified":"2019-08-06T20:34:55+00:00","mainEntityOfPage":{"@id":"https:\/\/solutionsreview.com\/endpoint-security\/exploring-bug-bounties-with-microsofts-bug-bounty-challenge\/"},"wordCount":1042,"publisher":{"@id":"https:\/\/solutionsreview.com\/endpoint-security\/#organization"},"image":{"@id":"https:\/\/solutionsreview.com\/endpoint-security\/exploring-bug-bounties-with-microsofts-bug-bounty-challenge\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/endpoint-security\/files\/2018\/10\/blockchain-mod.jpg","keywords":["Best Practices","Bug Bounty","Bug Bounty Program","Cybersecurity","Endpoint Protection","Endpoint Security","Infosec","Microsoft","Security"],"articleSection":["Best Practices","Featured"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/endpoint-security\/exploring-bug-bounties-with-microsofts-bug-bounty-challenge\/","url":"https:\/\/solutionsreview.com\/endpoint-security\/exploring-bug-bounties-with-microsofts-bug-bounty-challenge\/","name":"Exploring Bug Bounties With Microsoft's Bug Bounty Challenge","isPartOf":{"@id":"https:\/\/solutionsreview.com\/endpoint-security\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/endpoint-security\/exploring-bug-bounties-with-microsofts-bug-bounty-challenge\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/endpoint-security\/exploring-bug-bounties-with-microsofts-bug-bounty-challenge\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/endpoint-security\/files\/2018\/10\/blockchain-mod.jpg","datePublished":"2019-08-06T20:34:55+00:00","dateModified":"2019-08-06T20:34:55+00:00","description":"What is a bug bounty program? How does Microsoft\u2019s actions compare to other programs? Should your enterprise implement a bug bounty program?","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/endpoint-security\/exploring-bug-bounties-with-microsofts-bug-bounty-challenge\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/endpoint-security\/exploring-bug-bounties-with-microsofts-bug-bounty-challenge\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/endpoint-security\/exploring-bug-bounties-with-microsofts-bug-bounty-challenge\/#primaryimage","url":"https:\/\/solutionsreview.com\/endpoint-security\/files\/2018\/10\/blockchain-mod.jpg","contentUrl":"https:\/\/solutionsreview.com\/endpoint-security\/files\/2018\/10\/blockchain-mod.jpg","width":800,"height":400,"caption":"IDC Survey Finds Over a Third of Businesses Hit by Ransomware"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/endpoint-security\/exploring-bug-bounties-with-microsofts-bug-bounty-challenge\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/endpoint-security\/"},{"@type":"ListItem","position":2,"name":"Exploring Bug Bounties With Microsoft&#8217;s Bug Bounty Challenge"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/endpoint-security\/#website","url":"https:\/\/solutionsreview.com\/endpoint-security\/","name":"Endpoint Security &amp; Protection Platforms | Solutions Review","description":"Evaluating Enterprise EPP Software, Next-Gen Antivirus &amp; EDR Solutions.","publisher":{"@id":"https:\/\/solutionsreview.com\/endpoint-security\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/endpoint-security\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/solutionsreview.com\/endpoint-security\/#organization","name":"Solutions Review","url":"https:\/\/solutionsreview.com\/endpoint-security\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/endpoint-security\/#\/schema\/logo\/image\/","url":"https:\/\/solutionsreview.com\/endpoint-security\/files\/2016\/05\/SR_Icon.png","contentUrl":"https:\/\/solutionsreview.com\/endpoint-security\/files\/2016\/05\/SR_Icon.png","width":200,"height":200,"caption":"Solutions Review"},"image":{"@id":"https:\/\/solutionsreview.com\/endpoint-security\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/solutionsreview","https:\/\/x.com\/InfoSec_Review","https:\/\/www.linkedin.com\/company\/cyber-security-solutions-review","https:\/\/www.youtube.com\/user\/SolutionsReview"]},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/endpoint-security\/#\/schema\/person\/357f925262827fcf840b4341920a1541","name":"Ben Canner","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/endpoint-security\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","caption":"Ben Canner"},"description":"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.","url":"https:\/\/solutionsreview.com\/endpoint-security\/author\/bcanner\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/endpoint-security\/wp-json\/wp\/v2\/posts\/4021"}],"collection":[{"href":"https:\/\/solutionsreview.com\/endpoint-security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/endpoint-security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/endpoint-security\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/endpoint-security\/wp-json\/wp\/v2\/comments?post=4021"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/endpoint-security\/wp-json\/wp\/v2\/posts\/4021\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/endpoint-security\/wp-json\/wp\/v2\/media\/3267"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/endpoint-security\/wp-json\/wp\/v2\/media?parent=4021"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/endpoint-security\/wp-json\/wp\/v2\/categories?post=4021"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/endpoint-security\/wp-json\/wp\/v2\/tags?post=4021"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}