Starting on June 26, Redmond will kick off three bounty programs for exploits related to Windows 8.1 and Internet Explorer 11. Those who manage to crack Microsoft's programs can collect up to $100,000 in reward money.
These programs will allow Microsoft to reward work by researchers and improve the security of their software — all to the benefit of consumers.
The three programs include:
Mitigation Bypass Bounty: Earn up to $100,000 for an exploit against Microsoft's upcoming Windows 8 update, Windows 8.1.
BlueHat Bonus for Defense: Earn up to $50,000 "for defensive ideas that accompany a qualifying Mitigation Bypass submission," Microsoft said.
Internet Explorer 11 Preview Bug Bounty: Earn up to $11,000 for vulnerabilities on IE11 within Windows 8.1.
Microsoft did not set a hard deadline for the first two programs, but participants have 30 days, or until July 26, to uncover a bug within IE11.
The highest rewards will be given to those who demonstrate the ability of the exploit to bypass Microsoft's security layers.
Aside from offering heaps of cash to researchers, the three researcher-focused programs "will also help to fill gaps in the current marketplace and enhance our relationships within this invaluable community, all while making our products more secure for our customers," Mike Reavey, senior director of the Microsoft Security Response Center, said in a statement.
This move marks Microsoft's first step into the world of bug bounties which their competitors have been using for years. I expect Microsoft's Internet Explorer to improve as a result of this new program. I just wish they had done this years ago.
No comments:
Post a Comment