According to SC Magazine, compensation for bugs has been expanded by Microsoft.
From Microsoft doubles bug bounty payoff max, expands program:
Microsoft said Wednesday it would further expand its Bounty for Defense program, upping the payout maximum from $50,000 to $100,000 and launching a bonus period for its Online Services Bug Bounty during which bounties will be doubled, meaning researchers can receive as much as $30,000 for discovering authentication vulnerabilities, according to a release.
There are quants or at least semi-quants starting with six-figure incomes in finance. So saying $30,000, even with a drum roll, isn’t all that impressive. Think of all the years of effort to master an arcane set of skills in order to find vulnerabilities. Not to mention that security researchers have to support themselves between bug finds.
Just because you don’t know how to find bugs doesn’t make it easy. Or that just anyone is qualified to do it.
Kudos to Microsoft for inching towards inadequate but after all, bug hunters may prevent damage to millions of your customers. Unlike the quants who are trying to shave something off of your customers.
Want better bug hunting and cybersecurity?
Bug hunting and secure code must become more financially viable than bugs and insecure code.
When that happens, the security research community will blossom, but not a day before.