Microsoft offers cash rewards for security bug hunters

Warwick Ashford

Microsoft has announced three security bounty programmes to help improve the resilience of its products through responsible disclosure of flaws that hackers could exploit.

Several big software companies – including Google, PayPal and Facebook – have established bug bounty programmes, but until now Microsoft has stopped short of offering similar cash rewards.

But the software maker said the bounty programmes will provide another way for Microsoft to harness the collective intelligence and capabilities of security researchers to help further protect its customers.

Under the Mitigation Bypass Bounty programme, Microsoft will pay up to $100,000 for “truly novel” exploitation techniques against protections built into Windows 8.

“Learning about new exploitation techniques earlier helps Microsoft improve security by leaps, instead of capturing one vulnerability at a time as a traditional bug bounty alone would,” the firm said in a blog post.

The BlueHat Bonus for Defense programme offers up to $50,000 for defensive ideas that block a mitigation bypass technique.

Microsoft will pay up to $11,000 under the Internet Explorer 11 Preview Bug Bounty programme for critical vulnerabilities that affect IE11 Preview on Windows 8.1 Preview.

All three programmes kick off on 26 June, but while the first two will be ongoing, the Internet Explorer 11 programme will run only until 26 July.

“We’ve added three new researcher-focused programmes to Microsoft’s robust set of security initiatives,” said Mike Reavey, senior director, Microsoft Security Response Center.

“The bounty programmes will help to fill gaps in the current marketplace and enhance our relationships within the invaluable researcher community, all while making our products more secure for our customers,” he said.

