Microsoft Extends Bounty
Written by Sue Gee   
Friday, 08 November 2013

Microsoft has opened up its reward scheme that offers a $100,000 bounty for new mitigation bypass techniques to enable more individuals and organizations to participate.

Microsoft's Mitigation Bypass Bounty has been ongoing since June and, as reported last month , has already paid out over $128,000 to security researchers. Now the scheme is "evolving" to widen the pool of talent eligible for bounty payouts.

 

bluehat2

 

Making the announcement on the Blue Hat blog, Microsoft's Senior Security Strategist Katie Moussouris said:

Today’s news means we are going from accepting entries from only a handful of individuals capable of inventing new mitigation bypass techniques on their own, to potentially thousands of individuals or organizations who find attacks in the wild. Now, both finders and discoverers can turn in new techniques for $100,000.

Individuals and organizations who are interested in joining the expanded program must pre-register by sending an email to at doa@microsoft.com and signing an agreement.prior to sending in a submission. They will then be eligible for both the Mitigation Bypass Bounty, which offers up to $100,000 for truly novel exploitation techniques against protections built into Windows 8.1; and the BlueHat Bonus for Defense,  an additional $50,000 for defensive ideas that accompany a qualifying Mitigation Bypass submission, by including a technical whitepaper to describe a way to effectively block the exploitation technique.

Explaining the move, Moussouris says:

This evolution of our bounty programs is designed to further disrupt the vulnerability and exploit markets. Currently, black markets pay high prices for vulnerabilities and exploits based on factors that include exclusivity and longevity of usefulness before a vendor discovers and mitigates it.  By expanding our bounty program, Microsoft is cutting down the time that exploits and vulnerabilities purchased on the black market remain useful, especially for targeted attacks that rely on stealthy exploitation without discovery.

Trying to convert malicious hackers into friendly hackers seems to be an idea that Microsoft is currently adopting on more than one front. Together with Facebook, Microsoft has launched Hackerone, an Internet Bug Bounty program that offers rewards for discovering security holes in the open source software that underpins the functioning of the Internet. In this program the rewards are between $300 and $5,000, although its panel of security experts, which includes Katie Moussouris, can make higher awards depending on nature of the bug.

More Information

Bounty Evolution

Mitigation Bypass Bounty and BlueHat Bonus for Defense Guidelines

Related Articles

Bounty Hunter Awarded $100,000

Microsoft Offers $100,000 For Novel Exploits

Microsoft and Facebook Launch Internet Bug Bounty Scheme

Google Offers Cash For Security Patches

 

To be informed about new articles on I Programmer, install the I Programmer Toolbar, subscribe to the RSS feed, follow us on, Twitter, Facebook, Google+ or Linkedin,  or sign up for our weekly newsletter.

 

raspberry pi books

 

Comments




or email your comment to: comments@i-programmer.info

Banner


TypeScript 5.4 Adds NoInfer Type
12/03/2024

TypeScript 5.4 has been released, with the addition of a NoInfer utility type alongside preserved narrowing in closures following last assignments. 



Edgeless Systems Announces Continuum AI
14/03/2024

Edgeless Systems has announced the launch of Continuum, a  security solution that provides cloud-based "Confidential AI" services and enables sharing of sensitive data with chatbots such as ChatG [ ... ]


More News

Last Updated ( Friday, 08 November 2013 )