Nano Server Added to Microsoft Bug Bounty Program

Microsoft expands its bug bounty program, adding Windows Server 2016 Nano Server with payouts between $500 and $15,000.

Microsoft is accelerating the fumigation of bugs on its soon-to-be-released Windows Server 2016 operating system. Last week, Microsoft announced a new bug bounty program running from April 29 through July 29, 2016, with up to $15,000 in rewards for each qualifying bug.

Microsoft’s expansion of its 3-year-old program now includes its Nano Server, a feature aimed at cloud and web application developers within the Windows Server 2016 platform. Windows Server 2016 is only available as a beta release and is expected to launch Q3 2016.

The official name of the new bug bounty program is the Nano Server technical preview bounty program for Windows Server Technical Preview 5.

“On one level this is no big deal, but on another it’s a great sign showing Microsoft’s commitment to public bug bounty programs. And that wasn’t always a given with Microsoft,” said Mårten Mickos, CEO of HackerOne, a firm that helps companies and organizations manage their bug bounty programs.

Microsoft launched its bug bounty program in 2013, agreeing to pay good money to white hats, researchers and aspiring young hackers to find vulnerabilities in its universe of products. Mickos said it’s not always easy for big organizations to warm up to the idea that the best way to secure their platform is convincing people to hack them.

“This is a reassuring indication that Microsoft’s public bug bounty program is working and providing them information they need. And it means that they have the resources to expand the scope of the program. Not all companies can or will,” Mickos said.

Payouts for bug bounty hunters start at $15,000 for “high quality” bugs tied to remote code execution in Nano Server. Microsoft will pay $9,000 for “high quality” bugs relating to remote unauthenticated denial of service attacks, successful elevation of privileges and vulnerabilities tied to specific Nano Server DLLs. Payouts of $500 will go to bug bounty hunters who find vulnerabilities ranging from flawed DLLs to ones tied to surreptitious information disclosures.

For those unfamiliar with Nano Server, Microsoft describes it as “a minimal footprint installation of Windows Server that is highly optimized for the cloud, and ideal for containers.” “It is designed for fewer patch and update events, faster restarts, better resource utilization and tighter security,” according to Microsoft.
