Microsoft Extends Bounty
Microsoft Extends Bounty
Written by Sue Gee   
Friday, 08 November 2013

Microsoft has opened up its reward scheme that offers a $100,000 bounty for new mitigation bypass techniques to enable more individuals and organizations to participate.

Microsoft's Mitigation Bypass Bounty has been ongoing since June and, as reported last month , has already paid out over $128,000 to security researchers. Now the scheme is "evolving" to widen the pool of talent eligible for bounty payouts.




Making the announcement on the Blue Hat blog, Microsoft's Senior Security Strategist Katie Moussouris said:

Today’s news means we are going from accepting entries from only a handful of individuals capable of inventing new mitigation bypass techniques on their own, to potentially thousands of individuals or organizations who find attacks in the wild. Now, both finders and discoverers can turn in new techniques for $100,000.

Individuals and organizations who are interested in joining the expanded program must pre-register by sending an email to at and signing an agreement.prior to sending in a submission. They will then be eligible for both the Mitigation Bypass Bounty, which offers up to $100,000 for truly novel exploitation techniques against protections built into Windows 8.1; and the BlueHat Bonus for Defense,  an additional $50,000 for defensive ideas that accompany a qualifying Mitigation Bypass submission, by including a technical whitepaper to describe a way to effectively block the exploitation technique.

Explaining the move, Moussouris says:

This evolution of our bounty programs is designed to further disrupt the vulnerability and exploit markets. Currently, black markets pay high prices for vulnerabilities and exploits based on factors that include exclusivity and longevity of usefulness before a vendor discovers and mitigates it.  By expanding our bounty program, Microsoft is cutting down the time that exploits and vulnerabilities purchased on the black market remain useful, especially for targeted attacks that rely on stealthy exploitation without discovery.

Trying to convert malicious hackers into friendly hackers seems to be an idea that Microsoft is currently adopting on more than one front. Together with Facebook, Microsoft has launched Hackerone, an Internet Bug Bounty program that offers rewards for discovering security holes in the open source software that underpins the functioning of the Internet. In this program the rewards are between $300 and $5,000, although its panel of security experts, which includes Katie Moussouris, can make higher awards depending on nature of the bug.


10,000 Bugs Found - A Milestone for Static Analysis

Eliminating bugs from software requires attention to detail - or a good set of tools. In order to promote static analysis methodology in general and its own static analyzer in particular, PVS-Stu [ ... ]

Margaret Hamilton Pioneering Software Engineer

Margaret Hamilton, who coined the term "software engineer" and was lead developer for the team that wrote the programs that landed men on the moon, turned 80 years old last week.

More News

Last Updated ( Friday, 08 November 2013 )

RSS feed of news items only
I Programmer News
Copyright © 2016 All Rights Reserved.
Joomla! is Free Software released under the GNU/GPL License.