Wanted: Microsoft Announces Bounties for Exposing Security Holes -- Redmondmag.com

Wanted: Microsoft Announces Bounties for Exposing Security Holes

Found a hole in Microsoft's latest version of Windows? You could be awarded $100,000.

By Chris Paoli
06/19/2013

While Microsoft does quite a bit to search out security issues in its software, it's hoping it can bribe the public to do its dirty work for it. And I'm betting it's hoping it could also persuade those that typically spend their time attacking Microsoft's software to spill the beans for some green.

The company today announced that its new bounty program, set to go live June 26, will award cash prizes up to $100,000 for the discovery of new flaws. Microsoft's new program mimics other well-known cash payout competitions for security vulnerabilities, like the annual Pwn2Own hacking competition.

"Our new bounty programs add fresh depth and flexibility to our existing community outreach programs," said Microsoft in an announcement made today. "Having these bounty programs provides a way to harness the collective intelligence and capabilities of security researchers to help further protect customers."

The launch date of the new initiative will bring three different challenges:

Migration Bypass Bounty: Microsoft will be offering its top prize ($100,000) for the discovery of "truly novel" security exploits in the latest version of its OS -- Windows 8.1 Preview. This prize has no end date, and remember, the money will only be awarded to holes found in the newest version of the OS -- no prize for dusting off those Windows 98 machines to look for exploits.
BlueHat Bonus for Defense: Microsoft won't only award you for finding those holes in its operating system, but it's willing to pay you an extra $50,000 for providing a solid defense to guard against the vulnerability.
Internet Explorer 11 Preview Bug Bounty: Get paid up to $11,000 for each "critical" vulnerability found in Internet Explorer 11 Preview, running on Windows 8.1 Preview. This prize will only last for 30 days.

For those looking for an audience to show off their security skills, the prize can be performed live in front of a panel of judges during this year's Black Hat USA conference, slated for July 27-Aug. 1 in Las Vegas. And, as a bonus to the $100,000 prize for the migration bypass flaw, you also get to keep the laptop used in the demo!

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.

Featured

Multi-Tenant Organization Hooks Released for Microsoft 365

Microsoft Entra ID's new multi-tenant organization capabilities have reached general availability (GA).
Real-World Ransomware Recovery

Here's how I was (mostly) successful in recovering a family PC infected with malware.
Microsoft Launches Small AI Models Family Phi-3

Recognizing that bigger isn't always better, Microsoft has released its smallest open AI models to date, Phi-3.
Microsoft and OpenAI Continue Global AI Expansions

Microsoft and OpenAI each continued their global expansion this month, with the announcements of new infrastructure investments and service rollouts in new regions, like Asia and the Middle East.
Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.