1. Microsoft Hyper-V Bounty Program

Headquarters: Redmond, Wash.

Top Bounty: $250,000

Minimum Payout: $5,000

Program Managed By: Company

Microsoft broadened the scope of this program in May 2017, and it now pays a bounty on remote code execution, information disclosure, and denial of service vulnerabilities.

Remote code execution vulnerabilities on a hypervisor or host kernel with functioning exploits will receive a $250,000 bounty, while those without a functioning exploit will receive a $200,000 bounty. Remote code execution vulnerabilities on a virtual machine worker process with functioning exploits will receive a $150,000 bounty, while those without a functioning exploit will receive a $100,000 bounty.

Eligible submissions should enable the guest virtual machine to compromise the hypervisor, escape from a guest virtual machine to the host, or escape from one guest virtual machine or another guest virtual machine.