$100K Microsoft bounty open to more

By on
$100K Microsoft bounty open to more

Mitigation bypass bounties.

Microsoft's new bug bounty program is likely turning a lot more heads interested in cashing in on exploits affecting the company's software.

The tech giant recently announced that a subsection of its program, which paid individuals $100,000 for inventing new mitigation bypass techniques, was now “expanding the pool of talent who can participate.”

Before, individuals that invented new mitigation bypass techniques for the company were in the running for the high-dollar reward.

But, according to Katie Moussouris, a senior security strategist at Microsoft's security response center, who blogged about the program's “evolution” last Friday, those who discover and disclose the specific issue being actively exploited will also be included.

Microsoft introduced its bug bounty program in June, finally offering monetary incentives for researchers reporting vulnerabilities.

“We are expanding the pool of talent who can participate and submit novel mitigation bypass techniques and defensive ideas to include responders and forensic experts who find active attacks in the wild,” Moussouris wrote, later explaining the impact of the change.

“Today's news means we are going from accepting entries from only a handful of individuals capable of inventing new mitigation bypass techniques on their own, to potentially thousands of individuals or organizations who find attacks in the wild. Now, both finders and discoverers can turn in new techniques for $100,000.”

Those wishing to participate will be required to pre-register by emailing doa@Microsoft.com before submitting proof-of-concept code and technical analysis of active exploits, Moussouris said.

Entrants offering up a “qualifying defense idea” to thwart attacks would also be eligible for up to $50,000.

With the move, Microsoft aims to shorten the time that exploits and bugs sold on the underground market are usable, “especially for targeted attacks that rely on stealthy exploitation without discovery,” she added.

So far, one researcher has been awarded with the $100,000 prize for reporting a critical mitigation bypass flaw in Windows 8.1. Last month, James Forshaw, a security vulnerability researcher with U.K.-based Context Information Security, nabbed the coveted bounty.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition
Tags:
bug bounties microsoft security

Most Read Articles

Hacked Aussie Defence firm lost fighter jet, bomb, ship plans

Hacked Aussie Defence firm lost fighter jet, bomb, ship plans
Devastating flaw puts almost every wi-fi network at risk

Devastating flaw puts almost every wi-fi network at risk
NBN Co to start charging for 'no fault found' callouts

NBN Co to start charging for 'no fault found' callouts
NBN Co works to recover cost of network damage

NBN Co works to recover cost of network damage
You must be a registered member of iTnews to post a comment.
| Register

Whitepapers from our sponsors

The 5G Business Potential – Industry digitalisation and the untapped opportunities for operators
The 5G Business Potential – Industry digitalisation and the untapped opportunities for operators
Solving IT complexity
Solving IT complexity
Optimising Enterprise Data Centres for the Cloud
Optimising Enterprise Data Centres for the Cloud
Growing companies have a growing interest in technology
Growing companies have a growing interest in technology
RSA NetWitness® Endpoint. Respond 3X Faster to Threats
RSA NetWitness® Endpoint. Respond 3X Faster to Threats

Events

Log In

Username:
Password:
|  Forgot your password?