Microsoft pays out $128K to security bug hunters


Microsoft pays out $128K to security bug hunters

Warwick Ashford

Microsoft has paid out more than $128,000 to security researchers since first offering bug bounties just over three months ago.

In June, Microsoft announced three security bounty programmes to help improve the resilience of its products through responsible disclosure of flaws that hackers could exploit.


Several big software companies, including Google, Paypal and Facebook, have established bug bounty programmes, but Microsoft had stopped short of offering similar cash rewards before.

The bulk of the rewards paid so far are for a mitigation bypass technique and 15 exploitable vulnerabilities reported in the preview version of its latest version of Microsoft’s web browser, Internet Explorer (IE11), which is scheduled to ship with Windows 8.1 on 18 October 2013.

Microsoft said it would pay up to $11,000 under the IE11 Preview Bug Bounty programme that ran from 26 June to 26 July 2013.

The software firm’s other two bug bounty programmes are ongoing.

Under the Mitigation Bypass Bounty programme, Microsoft will pay up to $100,000 for “truly novel” exploitation techniques against protections built into Windows 8.

And the BlueHat Bonus for Defense programme offers up to $50,000 for defensive ideas that block a mitigation bypass technique.

Announcing the bug bounty programmes, Microsoft said they would provide another way for the company to harness the collective intelligence and capabilities of security researchers.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy