$100K Microsoft bounty open to more

By on
$100K Microsoft bounty open to more

Mitigation bypass bounties.

Microsoft's new bug bounty program is likely turning a lot more heads interested in cashing in on exploits affecting the company's software.

The tech giant recently announced that a subsection of its program, which paid individuals $100,000 for inventing new mitigation bypass techniques, was now “expanding the pool of talent who can participate.”

Before, individuals that invented new mitigation bypass techniques for the company were in the running for the high-dollar reward.

But, according to Katie Moussouris, a senior security strategist at Microsoft's security response center, who blogged about the program's “evolution” last Friday, those who discover and disclose the specific issue being actively exploited will also be included.

Microsoft introduced its bug bounty program in June, finally offering monetary incentives for researchers reporting vulnerabilities.

“We are expanding the pool of talent who can participate and submit novel mitigation bypass techniques and defensive ideas to include responders and forensic experts who find active attacks in the wild,” Moussouris wrote, later explaining the impact of the change.

“Today's news means we are going from accepting entries from only a handful of individuals capable of inventing new mitigation bypass techniques on their own, to potentially thousands of individuals or organizations who find attacks in the wild. Now, both finders and discoverers can turn in new techniques for $100,000.”

Those wishing to participate will be required to pre-register by emailing doa@Microsoft.com before submitting proof-of-concept code and technical analysis of active exploits, Moussouris said.

Entrants offering up a “qualifying defense idea” to thwart attacks would also be eligible for up to $50,000.

With the move, Microsoft aims to shorten the time that exploits and bugs sold on the underground market are usable, “especially for targeted attacks that rely on stealthy exploitation without discovery,” she added.

So far, one researcher has been awarded with the $100,000 prize for reporting a critical mitigation bypass flaw in Windows 8.1. Last month, James Forshaw, a security vulnerability researcher with U.K.-based Context Information Security, nabbed the coveted bounty.

This article originally appeared at scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
bug bounties microsoft security
In Partnership With

Most Read Articles

NSW puts digital driver's licence on a blockchain

NSW puts digital driver's licence on a blockchain
ANZ breaks out LEGO to bust staff silos

ANZ breaks out LEGO to bust staff silos
UNSW researchers find FTTP NBN worth the extra billions

UNSW researchers find FTTP NBN worth the extra billions
ANZ digital chief Maile Carnegie frets over human obsolescence

ANZ digital chief Maile Carnegie frets over human obsolescence
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

How to choose a trusted IT provider
How to choose a trusted IT provider
Why Business Process Modelling Matters
Why Business Process Modelling Matters
Report: ANZ IT Decision Makers - Top Priorities for Endpoint Security 2018
Report: ANZ IT Decision Makers - Top Priorities for Endpoint Security 2018
Managed Security Service Providers for Dummies
Managed Security Service Providers for Dummies
The Cost of Cloud Expertise report
The Cost of Cloud Expertise report

Events

Log In

Username / Email:
Password:
  |  Forgot your password?