Security Advisor

Wanted: Microsoft Announces Bounties for Exposing Security Holes

Found a hole in Microsoft's latest version of Windows? You could be awarded $100,000.

While Microsoft does quite a bit to search out security issues in its software, it's hoping it can bribe the public to do its dirty work for it. And I'm betting it's hoping it could also persuade those who typically spend their time attacking Microsoft's software to spill the beans for some green.

The company today announced that its new bounty program, set to go live June 26, will award cash prizes up to $100,000 for the discovery of new flaws. Microsoft's new program mimics other well-known cash payout competitions for security vulnerabilities, like the annual Pwn2Own hacking competition.

"Our new bounty programs add fresh depth and flexibility to our existing community outreach programs," said Microsoft in an announcement made today. "Having these bounty programs provides a way to harness the collective intelligence and capabilities of security researchers to help further protect customers."

The launch date of the new initiative will bring three different challenges:

  • Migration Bypass Bounty: Microsoft will be offering its top prize ($100,000) for the discovery of "truly novel" security exploits in the latest version of its OS -- Windows 8.1 Preview. This prize has no end date, and remember, the money will only be awarded for holes found in the newest version of the OS -- no prize for dusting off those Windows 98 machines to look for exploits.
  • BlueHat Bonus for Defense: Microsoft won't only reward you for finding those holes in its operating system, but it's willing to pay you an extra $50,000 for providing a solid defense to guard against the vulnerability.
  • Internet Explorer 11 Preview Bug Bounty: Get paid up to $11,000 for each "critical" vulnerability found in Internet Explorer 11 Preview, running on Windows 8.1 Preview. This prize will only last for 30 days.

For those looking for an audience to show off their security skills, the exploit can be demonstrated live in front of a panel of judges during this year's Black Hat USA conference, slated for July 27-Aug. 1 in Las Vegas. And, as a bonus to the $100,000 prize for the migration bypass flaw, you also get to keep the laptop used in the demo!

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.

