Microsoft pays out $128K to security bug hunters

Microsoft has paid out more than $128,000 since introducing bug bounty programmes in June

Microsoft has paid out more than $128,000 to security researchers since first offering bug bounties just over three months ago.

In June, Microsoft announced three security bounty programmes to help improve the resilience of its products through responsible disclosure of flaws that hackers could exploit.

Several big software companies, including Google, Paypal and Facebook, have established bug bounty programmes, but Microsoft had stopped short of offering similar cash rewards before.

The bulk of the rewards paid so far are for a mitigation bypass technique and 15 exploitable vulnerabilities reported in the preview version of its latest version of Microsoft’s web browser, Internet Explorer (IE11), which is scheduled to ship with Windows 8.1 on 18 October 2013.

Microsoft said it would pay up to $11,000 under the IE11 Preview Bug Bounty programme that ran from 26 June to 26 July 2013.

The software firm’s other two bug bounty programmes are ongoing.

Under the Mitigation Bypass Bounty programme, Microsoft will pay up to $100,000 for “truly novel” exploitation techniques against protections built into Windows 8.

And the BlueHat Bonus for Defense programme offers up to $50,000 for defensive ideas that block a mitigation bypass technique.

Announcing the bug bounty programmes, Microsoft said they would provide another way for the company to harness the collective intelligence and capabilities of security researchers.

Read more on Application security and coding requirements

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

  • How do I size a UPS unit?

    Your data center UPS sizing needs are dependent on a variety of factors. Develop configurations and determine the estimated UPS ...

  • How to enhance FTP server security

    If you still use FTP servers in your organization, use IP address whitelists, login restrictions and data encryption -- and just ...

  • 3 ways to approach cloud bursting

    With different cloud bursting techniques and tools from Amazon, Zerto, VMware and Oracle, admins can bolster cloud connections ...

SearchDataManagement

Close