
Microsoft pays out $128K to security bug hunters

Warwick Ashford

Microsoft has paid out more than $128,000 to security researchers since first offering bug bounties just over three months ago.

In June, Microsoft announced three security bounty programmes to help improve the resilience of its products through responsible disclosure of flaws that hackers could exploit.

Several big software companies, including Google, Paypal and Facebook, have established bug bounty programmes, but Microsoft had stopped short of offering similar cash rewards before.

The bulk of the rewards paid so far are for a mitigation bypass technique and 15 exploitable vulnerabilities reported in the preview version of Microsoft’s latest web browser, Internet Explorer (IE11), which is scheduled to ship with Windows 8.1 on 18 October 2013.

Microsoft said it would pay up to $11,000 under the IE11 Preview Bug Bounty programme that ran from 26 June to 26 July 2013.

The software firm’s other two bug bounty programmes are ongoing.

Under the Mitigation Bypass Bounty programme, Microsoft will pay up to $100,000 for “truly novel” exploitation techniques against protections built into Windows 8.

And the BlueHat Bonus for Defense programme offers up to $50,000 for defensive ideas that block a mitigation bypass technique.

Announcing the bug bounty programmes, Microsoft said they would provide another way for the company to harness the collective intelligence and capabilities of security researchers.

