Thursday 20 June 2013

Microsoft unveils bug bounty programs and rewards starting June 26

Microsoft has announced that it is kicking off three bounty programs this month to encourage hackers to find bugs and exploitations. Each bounty program has its own cash reward, with the highest one being $100,000, and the lowest being $11,000. All three bounty programs start on June 26, and with two of them having an “ongoing” timeframe.
IE
The first bounty program is the Mitigation Bypass Bounty, in which Microsoft is seeking out “truly novel exploitation techniques” concerning Windows 8.1 Preview. Says Microsoft, such a program aims to reveal vulnerabilities that will give the company a one-up on security issues, fixing them before malicious individuals find them. The program has an ongoing timeframe, and offers up to $100,000 USD.
The next program is the BlueHat Bonus for Defense, which is an extension of the Mitigation Bypass Bounty, and must accompany a submission in that category. This category focuses on defense, with the company saying this shows its support for defense-related technology. Likewise, this bounty has a $50,000 USD reward, and has an ongoing timeframe.
And finally there is an Internet Explorer 11 Preview Bug Bounty, which is separate from the two previous bounty categories. This category focuses on finding security issues with Intenet Explorer 11 Preview on Windows 8.1 Preview. The reward for successful submissions is $11,000, with the timeframe lasting 30 days from June 26 to July 26.
Both the Mitigation Bypass Bounty and the BlueHat Bonus for Defense require whitepapaers to be included with the submissions, as well as other requirements detailed in its rules. In order to get the full amount of the reward, a submission will need to provide a complete exploit that can be remotely executed.
SOURCE: Microsoft

No comments:

Post a Comment