Microsoft Offers $100,000 For Novel Exploits
Written by Sue Gee   
Friday, 21 June 2013

Microsoft has announced a bounty program with generous payouts for discovering the weaknesses in Windows 8.1 while it it still in preview. It is also offering up to $11,000 per bug for vulnerabilities in IE11.

Unlike Google, Facebook and others, Microsoft hasn't had an ongoing bounty scheme, although last year it awarded a total of $260,000 to three winners in its BlueHat Prize competition.

It seems that Microsoft regarded that competition as a success and now has a three-pronged campaign to eradicate the bugs from Windows 8.1 and IE11 before they reach end users and it is offering direct cash payouts in exchange for reporting certain types of vulnerabilities and exploitation techniques.

The following three routes to earning cash for exposing bugs are open to individual researchers or those working for an organization that permits participation who are aged 14 or older (minors need parental consent) and on a worldwide basis, with the usual exceptions:

  1. Mitigation Bypass Bounty - Up to $100,000 for truly novel exploitation techniques against protections built into Windows 8.1. To qualify a bypass submission has to be "a novel and distinct method" unknown to Microsoft and which has not been described in prior works.

  2. BlueHat Bonus for Defense - An additional $50,000 for defensive ideas that accompany a qualifying Mitigation Bypass submission, by including a technical whitepaper to describe a way to effectively block the exploitation technique

  3. Internet Explorer 11 Preview Bug Bounty - Up to $11,000 for critical vulnerabilities that affect Internet Explorer 11 Preview on Windows 8.1 Preview.

It is not usual to offer a bounty for bugs on beta software but Microsoft argues:

Learning about new exploitation techniques earlier helps Microsoft improve security by leaps, instead of capturing one vulnerability at a time as a traditional bug bounty alone would. 

 

bluehat2

 

All three programs start on June 26th - the date of release of the preview of Windows 8.1. The IE11 Preview Bug Bounty runs for 30 days, i.e. until July 26th while the other two have open-ended time frames.

More Information

Mitigation Bypass Bounty and BlueHat Bonus for Defense Guidelines

Internet Explorer 11 Preview Bug Bounty Guidelines

 

Related Articles

BlueHat Prizes Awarded

Google Announces More Cash For Security Bugs

Facebook's White Hat VISA Card

 

To be informed about new articles on I Programmer, install the I Programmer Toolbar, subscribe to the RSS feed, follow us on, Twitter, Facebook, Google+ or Linkedin,  or sign up for our weekly newsletter.

 

blog comments powered by Disqus

 

Banner


Mozilla To Release Browser For Programmers
03/11/2014

There are two things about Mozilla's announcement that are out of the ordinary. The first is that it is trailing a release of a new browser on November 10th and the second is that the new browser is t [ ... ]



Neural Turing Machines Learn Their Algorithms
05/11/2014

Another breakthrough at Google DeepMind? A neural network form of the Turing machine architecture is proposed and demonstrated, and it does seem to learn its algorithms.


More News

Last Updated ( Friday, 21 June 2013 )
 
 

   
RSS feed of news items only
I Programmer News
Copyright © 2014 i-programmer.info. All Rights Reserved.
Joomla! is Free Software released under the GNU/GPL License.