Microsoft Offers $100,000 For Novel Exploits
Written by Sue Gee   
Friday, 21 June 2013

Microsoft has announced a bounty program with generous payouts for discovering weaknesses in Windows 8.1 while it is still in preview. It is also offering up to $11,000 per bug for vulnerabilities in IE11.

Unlike Google, Facebook and others, Microsoft hasn't had an ongoing bounty scheme, although last year it awarded a total of $260,000 to three winners in its BlueHat Prize competition.

It seems that Microsoft regarded that competition as a success. It now has a three-pronged campaign to eradicate bugs from Windows 8.1 and IE11 before they reach end users, offering direct cash payouts in exchange for reports of certain types of vulnerabilities and exploitation techniques.

The following three routes to earning cash for exposing bugs are open on a worldwide basis, with the usual exceptions, to individual researchers or those working for an organization that permits participation, provided they are aged 14 or older (minors need parental consent):

  1. Mitigation Bypass Bounty - Up to $100,000 for truly novel exploitation techniques against protections built into Windows 8.1. To qualify, a bypass submission has to be "a novel and distinct method" that is unknown to Microsoft and has not been described in prior works.

  2. BlueHat Bonus for Defense - An additional $50,000 for defensive ideas that accompany a qualifying Mitigation Bypass submission, in the form of a technical whitepaper describing a way to effectively block the exploitation technique.

  3. Internet Explorer 11 Preview Bug Bounty - Up to $11,000 for critical vulnerabilities that affect Internet Explorer 11 Preview on Windows 8.1 Preview.

It is not usual to offer a bounty for bugs on beta software but Microsoft argues:

Learning about new exploitation techniques earlier helps Microsoft improve security by leaps, instead of capturing one vulnerability at a time as a traditional bug bounty alone would. 

 


 

All three programs start on June 26th, the release date of the Windows 8.1 preview. The IE11 Preview Bug Bounty runs for 30 days, i.e. until July 26th, while the other two have open-ended time frames.

More Information

Mitigation Bypass Bounty and BlueHat Bonus for Defense Guidelines

Internet Explorer 11 Preview Bug Bounty Guidelines

 


 

 
 




Last Updated ( Friday, 21 June 2013 )
 
 

   