Microsoft’s Zero Day Quest, a bug bounty event offering up to $4 million in rewards to security researchers, was announced at this year’s Microsoft Ignite conference in Chicago. This event, set to take place next year in Redmond, Wash., is part of Microsoft’s Secure Future Initiative and aims to enhance transparency and collaboration within the security community.
During his keynote speech, Microsoft CEO Satya Nadella emphasized the importance of teamwork in security and expressed the company’s commitment to partnering with the broader security community. Microsoft Security Response Center Vice President of Engineering Tom Gallagher further elaborated on the Zero Day Quest in a blog post, calling it the “largest of its kind.” The event will focus on research into cloud and AI, offering significant rewards to researchers in these high-impact areas.
Gallagher highlighted the opportunity for the security community to work closely with Microsoft engineers and researchers through the Zero Day Quest, fostering collaboration and knowledge sharing. A preliminary research challenge was also announced, with certain vulnerability submissions eligible for multiplied bounty rewards. The event aims to bring together the best minds in security to enhance safety for all.
In line with Microsoft’s Secure Future Initiative, Gallagher reiterated the company’s commitment to transparency by encouraging researchers to publicly discuss vulnerability findings once mitigated. Microsoft will support these efforts through various channels, including blogs, podcasts, and videos. The company’s approach to coordinated disclosure ensures that critical vulnerabilities are promptly shared through the Common Vulnerabilities and Exposures (CVE) program.
The Secure Future Initiative was introduced following criticism of Microsoft’s cybersecurity practices, particularly regarding transparency around product vulnerabilities in cloud services. Microsoft’s lack of disclosure and patching practices were scrutinized by security researchers and vendors, leading to the implementation of initiatives like Zero Day Quest to improve security measures.
Additionally, Microsoft announced the general availability of Microsoft Security Exposure Management, a tool that provides customers with comprehensive visibility of their IT assets and potential attack surfaces. This product combines Microsoft’s threat intelligence with data from third-party partners to identify and mitigate threats effectively.
Furthermore, Microsoft unveiled new AI-related security features, including Data Loss Prevention for Microsoft 365 Copilot and Data Security Posture Management. These features empower customers to proactively identify data risks and receive tailored recommendations to bolster their security posture.
Overall, Microsoft’s Zero Day Quest and other security initiatives reflect the company’s ongoing commitment to enhancing transparency, collaboration, and security measures within the tech industry. Through partnerships with the security community and innovative tools, Microsoft aims to strengthen cybersecurity practices and safeguard digital ecosystems for users worldwide.