Microsoft to pay individuals who discover and report vulnerabilities on the new Bing

Reading time icon 2 min. read


Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team. Read more

Microsoft has instituted a fresh bug bounty initiative that acknowledges and incentivizes security researchers and ethical hackers for identifying and disclosing security gaps in its Bing search engine, which includes the newly inaugurated Bing Chat AI search chatbot. The program’s purpose is to strengthen the security and dependability of Bing as it becomes increasingly reliant on AI technology.

What is Microsoft’s bug bounty program?

The bug bounty program provides security researchers and ethical hackers with an opportunity to identify potential vulnerabilities in computer programs or websites. These experts are incentivized with handsome rewards for successfully identifying security gaps. Once a flaw, commonly known as a ‘bug,’ is identified, the researcher must report it to Microsoft to receive their bounty.

Individuals seeking to participate in the latest expansion of the bug bounty program for the new Bing platform are required to submit a thorough report via the general submission list and select Bing from the list of available products. The submission should include the bug’s type, the version that contains it, any updates that may have been installed, specific configurations needed to replicate it, and step-by-step instructions for reproducing the issue during the first installation. All submissions must adhere to the Microsoft Bounty Terms and Conditions and conform to the Microsoft Cloud Bounty Program Scope. Following submission, Microsoft will evaluate the eligibility and assign it to engineers for review. If deemed appropriate, a bounty will be rewarded.

OpenAI too offers the bug bounty program

Growing apprehensions highlight that cyber-attackers may focus on exploiting AI by identifying vulnerabilities in models to harm users. Microsoft’s thriving partner, OpenAI, has launched its own bug bounty program for ChatGPT to alleviate such concerns. Interested parties can evaluate ChatGPT by accessing https://bugcrowd.com/openai, which provides guidance on how to compile a bug report. The program offers a maximum reward of $20,000, while the minimum reward is set at $100 as per the reward structure.

Via ZDNET

User forum

0 messages