Microsoft Offers $100,000 For Novel Exploits
Written by Sue Gee   
Friday, 21 June 2013

Microsoft has announced a bounty program with generous payouts for discovering the weaknesses in Windows 8.1 while it it still in preview. It is also offering up to $11,000 per bug for vulnerabilities in IE11.

Unlike Google, Facebook and others, Microsoft hasn't had an ongoing bounty scheme, although last year it awarded a total of $260,000 to three winners in its BlueHat Prize competition.

It seems that Microsoft regarded that competition as a success and now has a three-pronged campaign to eradicate the bugs from Windows 8.1 and IE11 before they reach end users and it is offering direct cash payouts in exchange for reporting certain types of vulnerabilities and exploitation techniques.

The following three routes to earning cash for exposing bugs are open to individual researchers or those working for an organization that permits participation who are aged 14 or older (minors need parental consent) and on a worldwide basis, with the usual exceptions:

  1. Mitigation Bypass Bounty - Up to $100,000 for truly novel exploitation techniques against protections built into Windows 8.1. To qualify a bypass submission has to be "a novel and distinct method" unknown to Microsoft and which has not been described in prior works.

  2. BlueHat Bonus for Defense - An additional $50,000 for defensive ideas that accompany a qualifying Mitigation Bypass submission, by including a technical whitepaper to describe a way to effectively block the exploitation technique

  3. Internet Explorer 11 Preview Bug Bounty - Up to $11,000 for critical vulnerabilities that affect Internet Explorer 11 Preview on Windows 8.1 Preview.

It is not usual to offer a bounty for bugs on beta software but Microsoft argues:

Learning about new exploitation techniques earlier helps Microsoft improve security by leaps, instead of capturing one vulnerability at a time as a traditional bug bounty alone would. 

 

bluehat2

 

All three programs start on June 26th - the date of release of the preview of Windows 8.1. The IE11 Preview Bug Bounty runs for 30 days, i.e. until July 26th while the other two have open-ended time frames.

More Information

Mitigation Bypass Bounty and BlueHat Bonus for Defense Guidelines

Internet Explorer 11 Preview Bug Bounty Guidelines

 

Related Articles

BlueHat Prizes Awarded

Google Announces More Cash For Security Bugs

Facebook's White Hat VISA Card

 

To be informed about new articles on I Programmer, install the I Programmer Toolbar, subscribe to the RSS feed, follow us on, Twitter, Facebook, Google+ or Linkedin,  or sign up for our weekly newsletter.

 

blog comments powered by Disqus

 

Banner


A New Future For Mozilla
20/11/2014

Mozilla has announced a new regional strategy for its Firefox browser search facility. It has decided to terminate the existing arrangement with Google and has embarked on a 5-year arrangement with Ya [ ... ]



Polyfills As A Service
07/11/2014

Polyfills - don't you just hate'm, but you can't live without them. The big problem is knowing when you need them. Now there is a solution that gets it just right every time.


More News

Last Updated ( Friday, 21 June 2013 )
 
 

   
RSS feed of news items only
I Programmer News
Copyright © 2014 i-programmer.info. All Rights Reserved.
Joomla! is Free Software released under the GNU/GPL License.