Microsoft pays out $128K to security bug hunters

Microsoft has paid out more than $128,000 since introducing bug bounty programmes in June

Microsoft has paid out more than $128,000 to security researchers since first offering bug bounties just over three months ago.

In June, Microsoft announced three security bounty programmes to help improve the resilience of its products through responsible disclosure of flaws that hackers could exploit.

Several big software companies, including Google, PayPal and Facebook, have established bug bounty programmes, but Microsoft had stopped short of offering similar cash rewards before.

The bulk of the rewards paid so far are for a mitigation bypass technique and 15 exploitable vulnerabilities reported in the preview version of Microsoft’s latest web browser, Internet Explorer (IE11), which is scheduled to ship with Windows 8.1 on 18 October 2013.

Microsoft said it would pay up to $11,000 under the IE11 Preview Bug Bounty programme that ran from 26 June to 26 July 2013.

The software firm’s other two bug bounty programmes are ongoing.

Under the Mitigation Bypass Bounty programme, Microsoft will pay up to $100,000 for “truly novel” exploitation techniques against protections built into Windows 8.

And the BlueHat Bonus for Defense programme offers up to $50,000 for defensive ideas that block a mitigation bypass technique.

Announcing the bug bounty programmes, Microsoft said they would provide another way for the company to harness the collective intelligence and capabilities of security researchers.
