Microsoft Extends Bounty
Written by Sue Gee   
Friday, 08 November 2013

Microsoft has opened up its reward scheme that offers a $100,000 bounty for new mitigation bypass techniques to enable more individuals and organizations to participate.

Microsoft's Mitigation Bypass Bounty has been ongoing since June and, as reported last month , has already paid out over $128,000 to security researchers. Now the scheme is "evolving" to widen the pool of talent eligible for bounty payouts.




Making the announcement on the Blue Hat blog, Microsoft's Senior Security Strategist Katie Moussouris said:

Today’s news means we are going from accepting entries from only a handful of individuals capable of inventing new mitigation bypass techniques on their own, to potentially thousands of individuals or organizations who find attacks in the wild. Now, both finders and discoverers can turn in new techniques for $100,000.

Individuals and organizations who are interested in joining the expanded program must pre-register by sending an email to at and signing an agreement.prior to sending in a submission. They will then be eligible for both the Mitigation Bypass Bounty, which offers up to $100,000 for truly novel exploitation techniques against protections built into Windows 8.1; and the BlueHat Bonus for Defense,  an additional $50,000 for defensive ideas that accompany a qualifying Mitigation Bypass submission, by including a technical whitepaper to describe a way to effectively block the exploitation technique.

Explaining the move, Moussouris says:

This evolution of our bounty programs is designed to further disrupt the vulnerability and exploit markets. Currently, black markets pay high prices for vulnerabilities and exploits based on factors that include exclusivity and longevity of usefulness before a vendor discovers and mitigates it.  By expanding our bounty program, Microsoft is cutting down the time that exploits and vulnerabilities purchased on the black market remain useful, especially for targeted attacks that rely on stealthy exploitation without discovery.

Trying to convert malicious hackers into friendly hackers seems to be an idea that Microsoft is currently adopting on more than one front. Together with Facebook, Microsoft has launched Hackerone, an Internet Bug Bounty program that offers rewards for discovering security holes in the open source software that underpins the functioning of the Internet. In this program the rewards are between $300 and $5,000, although its panel of security experts, which includes Katie Moussouris, can make higher awards depending on nature of the bug.

More Information

Bounty Evolution

Mitigation Bypass Bounty and BlueHat Bonus for Defense Guidelines

Related Articles

Bounty Hunter Awarded $100,000

Microsoft Offers $100,000 For Novel Exploits

Microsoft and Facebook Launch Internet Bug Bounty Scheme

Google Offers Cash For Security Patches


To be informed about new articles on I Programmer, install the I Programmer Toolbar, subscribe to the RSS feed, follow us on, Twitter, Facebook, Google+ or Linkedin,  or sign up for our weekly newsletter.


raspberry pi books



or email your comment to:


Mitchell Baker Relinquishes CEO Role Before Mozilaa Announces Layoffs

In an announcement last week Mitchell Baker publicised her decision to step down from the role of CEO of Mozilla Corporation in order devote herself to overseeing Mozilla's broader vision. Now comes n [ ... ]

Google Season Of Docs 2024 Announced

This year's Google Season of Docs has been announced, and as usual will provide direct grants to open source projects to improve their documentation and give professional technical writers an opportun [ ... ]

More News

Last Updated ( Friday, 08 November 2013 )