$100K Microsoft bounty open to more

By on
$100K Microsoft bounty open to more

Mitigation bypass bounties.

Microsoft's new bug bounty program is likely turning a lot more heads interested in cashing in on exploits affecting the company's software.

The tech giant recently announced that a subsection of its program, which paid individuals $100,000 for inventing new mitigation bypass techniques, was now “expanding the pool of talent who can participate.”

Before, individuals that invented new mitigation bypass techniques for the company were in the running for the high-dollar reward.

But, according to Katie Moussouris, a senior security strategist at Microsoft's security response center, who blogged about the program's “evolution” last Friday, those who discover and disclose the specific issue being actively exploited will also be included.

Microsoft introduced its bug bounty program in June, finally offering monetary incentives for researchers reporting vulnerabilities.

“We are expanding the pool of talent who can participate and submit novel mitigation bypass techniques and defensive ideas to include responders and forensic experts who find active attacks in the wild,” Moussouris wrote, later explaining the impact of the change.

“Today's news means we are going from accepting entries from only a handful of individuals capable of inventing new mitigation bypass techniques on their own, to potentially thousands of individuals or organizations who find attacks in the wild. Now, both finders and discoverers can turn in new techniques for $100,000.”

Those wishing to participate will be required to pre-register by emailing doa@Microsoft.com before submitting proof-of-concept code and technical analysis of active exploits, Moussouris said.

Entrants offering up a “qualifying defense idea” to thwart attacks would also be eligible for up to $50,000.

With the move, Microsoft aims to shorten the time that exploits and bugs sold on the underground market are usable, “especially for targeted attacks that rely on stealthy exploitation without discovery,” she added.

So far, one researcher has been awarded with the $100,000 prize for reporting a critical mitigation bypass flaw in Windows 8.1. Last month, James Forshaw, a security vulnerability researcher with U.K.-based Context Information Security, nabbed the coveted bounty.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition
Tags:
bug bounties microsoft security

Most Read Articles

Petya damage to TNT Express systems is likely permanent

Petya damage to TNT Express systems is likely permanent
Meet WooliesX, the new digital arm of Woolworths

Meet WooliesX, the new digital arm of Woolworths
AWS warns users about open S3 buckets

AWS warns users about open S3 buckets
Why you should care about the govt's encryption crackdown

Why you should care about the govt's encryption crackdown
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Optimising Enterprise Data Centres for the Cloud
Optimising Enterprise Data Centres for the Cloud
Growing companies have a growing interest in technology
Growing companies have a growing interest in technology
RSA NetWitness® Endpoint. Respond 3X Faster to Threats
RSA NetWitness® Endpoint. Respond 3X Faster to Threats
Building platforms for future health and education
Building platforms for future health and education
Breach Level Index Report
Breach Level Index Report

Events

Log In

Username:
Password:
|  Forgot your password?