With an added $50,000 for defensive ideas
SOFTWARE HOUSE Microsoft will offer a
reward of $100,000 for the first security researcher to crack Windows
8.1 as part of a bug bounty programme.
Launching on 26 June, the Redmond firm's "Mitigation Bypass Bounty" will pay anyone $100,000 that provides Microsoft with "truly novel exploitation techniques" against protections built into the latest version of its operating system, Windows 8.1 Preview.
"Learning about new exploitation techniques earlier helps Microsoft improve security by leaps, instead of capturing one vulnerability at a time as a traditional bug bounty alone would," Microsoft said in a post on its Security Response Centre.
Microsoft will also hand over a "Bluehat Bonus", an additional $50,000 incentive for hackers that provide it with "defensive ideas" along with their successful Mitigation Bypass submission.
"Doing so highlights our continued support of defensive technologies and provides a way for the research community to help protect more than a billion computer systems worldwide," Microsoft explained.
The firm will also pay up to $11,000 to penetration testers that detect bugs in its previews of Internet Explorer 11, with the entry period for this programme set for the first 30 days of the beta period from 26 June to 26 July.
"Our new bounty programs add fresh depth and flexibility to our existing community outreach programs," Microsoft said. "Having these bounty programs provides a way to harness the collective intelligence and capabilities of security researchers to help further protect customers."
Qualys' director of vulnerability labs Amol Sarwate thinks this is an "intelligent move" by Microsoft to tap talent from all over the world, "especially in the security space where it's hard to find that talent," he said.
"It also encourages good research to land into the hands of vendors rather than being sold on the black market," Sarwate added.
Launching on 26 June, the Redmond firm's "Mitigation Bypass Bounty" will pay anyone $100,000 that provides Microsoft with "truly novel exploitation techniques" against protections built into the latest version of its operating system, Windows 8.1 Preview.
"Learning about new exploitation techniques earlier helps Microsoft improve security by leaps, instead of capturing one vulnerability at a time as a traditional bug bounty alone would," Microsoft said in a post on its Security Response Centre.
Microsoft will also hand over a "Bluehat Bonus", an additional $50,000 incentive for hackers that provide it with "defensive ideas" along with their successful Mitigation Bypass submission.
"Doing so highlights our continued support of defensive technologies and provides a way for the research community to help protect more than a billion computer systems worldwide," Microsoft explained.
The firm will also pay up to $11,000 to penetration testers that detect bugs in its previews of Internet Explorer 11, with the entry period for this programme set for the first 30 days of the beta period from 26 June to 26 July.
"Our new bounty programs add fresh depth and flexibility to our existing community outreach programs," Microsoft said. "Having these bounty programs provides a way to harness the collective intelligence and capabilities of security researchers to help further protect customers."
Qualys' director of vulnerability labs Amol Sarwate thinks this is an "intelligent move" by Microsoft to tap talent from all over the world, "especially in the security space where it's hard to find that talent," he said.
"It also encourages good research to land into the hands of vendors rather than being sold on the black market," Sarwate added.
Aucun commentaire:
Enregistrer un commentaire