Posted on Tuesday March 12, 2019 | MSRC alerts
This year at the Nullcon International Security Conference I shared practical advice for how security researchers can maximize the impact of their security vulnerability submissions and earn higher bounty awards under the Microsoft Bounty Program. For those who couldn't be there, I had two core pieces of advice.
In addition to talking about vulnerability hunting in Microsoft’s bounty programs, we also want to help security researchers develop their skills. This year we sponsored more than 20 researchers to attend the conference, which included hands on training and workshops on hardware and software security. With almost 2000 attendees from across India, Nullcon was a great place to connect with the security researcher community across the region and see excellent technical talks from James Forshaw, Jaya Baloo, and others . Thanks to Antriksh Shah and the team at Payatu for bringing everyone together for such a great event.
Thank you to everyone who I met at Nullcon and to those who attended my talk. For more details and some real-world examples of high quality and high reward submissions, check out my presentation slides here.
Happy Hacking!
Jarek Stanley, @JarekMSFT
Senior Program Manager
MSRC
All Microsoft Bug Bounty Programs are subject to the terms and conditions outlined here.
The Microsoft Security Response Center is part of the defender community and on the front line of security response evolution. For more than twenty years, we have been engaged with security researchers working to protect customers and the global online community. For more information, please visit our website at www.microsoft.com/msrc and follow our Twitter page at @msftsecresponse.