Microsoft Extends Bounty
Microsoft Extends Bounty
Written by Sue Gee   
Friday, 08 November 2013

Microsoft has opened up its reward scheme that offers a $100,000 bounty for new mitigation bypass techniques to enable more individuals and organizations to participate.

Microsoft's Mitigation Bypass Bounty has been ongoing since June and, as reported last month , has already paid out over $128,000 to security researchers. Now the scheme is "evolving" to widen the pool of talent eligible for bounty payouts.

 

bluehat2

 

Making the announcement on the Blue Hat blog, Microsoft's Senior Security Strategist Katie Moussouris said:

Today’s news means we are going from accepting entries from only a handful of individuals capable of inventing new mitigation bypass techniques on their own, to potentially thousands of individuals or organizations who find attacks in the wild. Now, both finders and discoverers can turn in new techniques for $100,000.

Individuals and organizations who are interested in joining the expanded program must pre-register by sending an email to at doa@microsoft.com and signing an agreement.prior to sending in a submission. They will then be eligible for both the Mitigation Bypass Bounty, which offers up to $100,000 for truly novel exploitation techniques against protections built into Windows 8.1; and the BlueHat Bonus for Defense,  an additional $50,000 for defensive ideas that accompany a qualifying Mitigation Bypass submission, by including a technical whitepaper to describe a way to effectively block the exploitation technique.

Explaining the move, Moussouris says:

This evolution of our bounty programs is designed to further disrupt the vulnerability and exploit markets. Currently, black markets pay high prices for vulnerabilities and exploits based on factors that include exclusivity and longevity of usefulness before a vendor discovers and mitigates it.  By expanding our bounty program, Microsoft is cutting down the time that exploits and vulnerabilities purchased on the black market remain useful, especially for targeted attacks that rely on stealthy exploitation without discovery.

Trying to convert malicious hackers into friendly hackers seems to be an idea that Microsoft is currently adopting on more than one front. Together with Facebook, Microsoft has launched Hackerone, an Internet Bug Bounty program that offers rewards for discovering security holes in the open source software that underpins the functioning of the Internet. In this program the rewards are between $300 and $5,000, although its panel of security experts, which includes Katie Moussouris, can make higher awards depending on nature of the bug.

Banner


Top 10 From Around The Web: PHP Development Resources
21/04/2017

PHP may not be the most trendy web development language but it is what is behind the scenes of many of the websites we use daily,  Facebook and IProgrammer alike. This round up of external blog p [ ... ]



New Developer Economics Survey
29/04/2017

Vision Mobile has launched its Developer Economics Q3 2017 survey and you'll find a space journey theme and a smattering of programmer jokes as you complete it. The incentive is prizes to win and pers [ ... ]


More News

Last Updated ( Friday, 08 November 2013 )
 
 

   
Banner
RSS feed of news items only
I Programmer News
Copyright © 2017 i-programmer.info. All Rights Reserved.
Joomla! is Free Software released under the GNU/GPL License.