Microsoft to pay cash for vulnerability reports

By

Up to US$100,000 bounty.

Following the example of other vendors such as Google and Mozilla, Microsoft this morning announced three security bounty programmes starting next week, with cash offered to those who discover and report vulnerabilities and exploitation techniques.

Microsoft to pay cash for vulnerability reports

Under the Mitigation Bypass Bounty programme, a "truly novel exploitation" technique that can be used to bypass protections in Windows 8.1 preview could earn those that report it up to US$100,000.

Microsoft said learning about new exploitation techniques helped the company improve security by leaps, instead of capturing one vulnerability at a time.

The BlueHat Bonus for Defence programme pays up to US$50,000 for ideas on defensive technologies to protect computer systems, and Microsoft has also set up a thirty-day bug bounty programme for the new Internet Explorer 11 preview, ending July 26 this year.

While the Internet Explorer 11 preview programme offers between US$500 to US$11,000 for vulnerabilities, Microsoft said it "reserves the right" to pay more than that, depending on the entry quality and complexity.

Although the programmes are primarily aimed at Windows 8.1, Microsoft said it would gladly accept reports about vulnerabilities for previous versions of Windows.

Bug bounty hunters must be 14 years or older, and minors need parents or legal guardians' permission to take part in the programmes.

Microsoft employees are not eligible to take part in the programmes, nor are residents of countries under United States sanctions such as Cuba, Iran, North Korea, Sudan and Syria.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Qantas contacted by "potential cyber criminal"

Qantas contacted by "potential cyber criminal"

SA Power Networks tackles IAM, cloud security under five-year strategy

SA Power Networks tackles IAM, cloud security under five-year strategy

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack

Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"

Log In

  |  Forgot your password?