Microsoft Extends Bounty
Written by Sue Gee   
Friday, 08 November 2013

Microsoft has opened up its reward scheme that offers a $100,000 bounty for new mitigation bypass techniques to enable more individuals and organizations to participate.

Microsoft's Mitigation Bypass Bounty has been ongoing since June and, as reported last month , has already paid out over $128,000 to security researchers. Now the scheme is "evolving" to widen the pool of talent eligible for bounty payouts.




Making the announcement on the Blue Hat blog, Microsoft's Senior Security Strategist Katie Moussouris said:

Today’s news means we are going from accepting entries from only a handful of individuals capable of inventing new mitigation bypass techniques on their own, to potentially thousands of individuals or organizations who find attacks in the wild. Now, both finders and discoverers can turn in new techniques for $100,000.

Individuals and organizations who are interested in joining the expanded program must pre-register by sending an email to at and signing an agreement.prior to sending in a submission. They will then be eligible for both the Mitigation Bypass Bounty, which offers up to $100,000 for truly novel exploitation techniques against protections built into Windows 8.1; and the BlueHat Bonus for Defense,  an additional $50,000 for defensive ideas that accompany a qualifying Mitigation Bypass submission, by including a technical whitepaper to describe a way to effectively block the exploitation technique.

Explaining the move, Moussouris says:

This evolution of our bounty programs is designed to further disrupt the vulnerability and exploit markets. Currently, black markets pay high prices for vulnerabilities and exploits based on factors that include exclusivity and longevity of usefulness before a vendor discovers and mitigates it.  By expanding our bounty program, Microsoft is cutting down the time that exploits and vulnerabilities purchased on the black market remain useful, especially for targeted attacks that rely on stealthy exploitation without discovery.

Trying to convert malicious hackers into friendly hackers seems to be an idea that Microsoft is currently adopting on more than one front. Together with Facebook, Microsoft has launched Hackerone, an Internet Bug Bounty program that offers rewards for discovering security holes in the open source software that underpins the functioning of the Internet. In this program the rewards are between $300 and $5,000, although its panel of security experts, which includes Katie Moussouris, can make higher awards depending on nature of the bug.

More Information

Bounty Evolution

Mitigation Bypass Bounty and BlueHat Bonus for Defense Guidelines

Related Articles

Bounty Hunter Awarded $100,000

Microsoft Offers $100,000 For Novel Exploits

Microsoft and Facebook Launch Internet Bug Bounty Scheme

Google Offers Cash For Security Patches


To be informed about new articles on I Programmer, install the I Programmer Toolbar, subscribe to the RSS feed, follow us on, Twitter, Facebook, Google+ or Linkedin,  or sign up for our weekly newsletter.


Summer SALE Kindle 9.99 Paperback $10 off!!




or email your comment to:


The PyCon AU and SciPy 2023 Sessions Are Now Online

The talks presented at the 2023 PyCon Australia and SciPy are now available as YouTube playlists. Topics ranged from Data cleaning and visualization to APIs, GUIs and Parallelism.

Kotlin Re-Enters TIOBE Index Top 20

Kotlin, the open-source Java alternative from JetBrains, is back in the Top 20 of the TIOBE Index, displacing Julia which lost the 20th position after only one month and is now down at 25th place.

More News

Last Updated ( Friday, 08 November 2013 )