$100K Microsoft bounty open to more

By on
$100K Microsoft bounty open to more

Mitigation bypass bounties.

Microsoft's new bug bounty program is likely turning a lot more heads interested in cashing in on exploits affecting the company's software.

The tech giant recently announced that a subsection of its program, which paid individuals $100,000 for inventing new mitigation bypass techniques, was now “expanding the pool of talent who can participate.”

Before, individuals that invented new mitigation bypass techniques for the company were in the running for the high-dollar reward.

But, according to Katie Moussouris, a senior security strategist at Microsoft's security response center, who blogged about the program's “evolution” last Friday, those who discover and disclose the specific issue being actively exploited will also be included.

Microsoft introduced its bug bounty program in June, finally offering monetary incentives for researchers reporting vulnerabilities.

“We are expanding the pool of talent who can participate and submit novel mitigation bypass techniques and defensive ideas to include responders and forensic experts who find active attacks in the wild,” Moussouris wrote, later explaining the impact of the change.

“Today's news means we are going from accepting entries from only a handful of individuals capable of inventing new mitigation bypass techniques on their own, to potentially thousands of individuals or organizations who find attacks in the wild. Now, both finders and discoverers can turn in new techniques for $100,000.”

Those wishing to participate will be required to pre-register by emailing doa@Microsoft.com before submitting proof-of-concept code and technical analysis of active exploits, Moussouris said.

Entrants offering up a “qualifying defense idea” to thwart attacks would also be eligible for up to $50,000.

With the move, Microsoft aims to shorten the time that exploits and bugs sold on the underground market are usable, “especially for targeted attacks that rely on stealthy exploitation without discovery,” she added.

So far, one researcher has been awarded with the $100,000 prize for reporting a critical mitigation bypass flaw in Windows 8.1. Last month, James Forshaw, a security vulnerability researcher with U.K.-based Context Information Security, nabbed the coveted bounty.

This article originally appeared at scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
bug bounties microsoft security
In Partnership With

Most Read Articles

NBN Co reveals FTTN premises that never hit 25Mbps peak speeds

NBN Co reveals FTTN premises that never hit 25Mbps peak speeds
NBN Co reveals 58 percent of HFC network still unserviceable

NBN Co reveals 58 percent of HFC network still unserviceable
Ban Chrome as default browser, limit Facebook user data harvesting: ACCC crackdown

Ban Chrome as default browser, limit Facebook user data harvesting: ACCC crackdown
Microsoft patches exploited new Windows zero-day

Microsoft patches exploited new Windows zero-day
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

Automate and secure IOT for Business
Automate and secure IOT for Business
Data Science and AI Solutions for Cybersecurity
Data Science and AI Solutions for Cybersecurity
Intro to AI for Security Professionals
Intro to AI for Security Professionals
Digital Transformation: Hope, or Hype?
Digital Transformation: Hope, or Hype?
How to choose a trusted IT provider
How to choose a trusted IT provider

Events

Log In

Username / Email:
Password:
  |  Forgot your password?