An Interest In:
Web News this Week
- March 28, 2024
- March 27, 2024
- March 26, 2024
- March 25, 2024
- March 24, 2024
- March 23, 2024
- March 22, 2024
Some of Our Sources
- Slashdot
- Smashing Magazine
- Abduzeedo
- Inspiredology
- Web Designer Depot
- FanExtra - PSD
- Spyre Studios
- Android Headlines
- Hashedout
- TechPowerUp
Help Webnuz
Referal links:
June 19, 2013 10:12 pm GMT
Microsoft has long resisted this move, but starting June 26 — the date the Windows 8.1 preview will ship — it will finally launch its own security bounty program. The company will offer bounties up to $100,000 for “truly novel exploitation techniques” that expose security issues in Windows 8.1 Preview. It will also pay up to $11,000 for Internet Explorer 11 vulnerabilities and up to $50,000 for “defensive ideas that accompany a qualifying Mitigation Bypass submission.” Microsoft says it made this shift to bounty programs “in order to learn about these issues earlier and to increase the win-win between Microsofts customers and the security researcher community.” It’s worth noting that the IE 11 Preview program will only be open for 30 days after the launch of Windows 8.1 Preview. This makes sense, though. The IE 11 bounty, Microsoft says, is mostly meant to “fill a gap in the vulnerability marketplace to the benefit of researchers, Microsoft engineers and our customers.” Most existing bounty programs and white market vulnerability brokers like HPs Tipping Point Zero Day Initiative and iDEFENSEs Vulnerability Contributor Program also don’t offer bounties for beta software. The company acknowledges that it isn’t exactly the first vendor to offer this kind of program, though Katie Moussouris, a Senior Security Strategist at Microsoft Research, argues that the company has long sponsored hacker conferences and awarded cash and prizes through other programs in the past. She also notes that Microsoft will likely announce a number of other ways to work with users and industry partners to discover security issues. Here is a full description of the three programs: Mitigation Bypass Bounty Microsoft will pay up to $100,000 USD for truly novel exploitation techniques against protections built into the latest version of our operating system (Windows 8.1 Preview). Learning about new exploitation techniques earlier helps Microsoft improve security by leaps, instead of one vulnerability at a time. This is an ongoing program and not tied to any event or contest. BlueHat Bonus for Defense Microsoft will pay up to $50,000 USD for defensive ideas that accompany a qualifying Mitigation Bypass Bounty submission. Doing so highlights our continued support of defense and provides a way for the research community to help protect over a billion computer systems worldwide from vulnerabilities that may not have even been discovered. IE11 Preview Bug Bounty Microsoft will pay up to $11,000 USD for critical
Original Link: http://feedproxy.google.com/~r/Techcrunch/~3/xI4Rer5pw54/
Microsoft Launches Security Bounty Program, Will Pay Up To $100K For Exploits
Microsoft has long resisted this move, but starting June 26 — the date the Windows 8.1 preview will ship — it will finally launch its own security bounty program. The company will offer bounties up to $100,000 for “truly novel exploitation techniques” that expose security issues in Windows 8.1 Preview. It will also pay up to $11,000 for Internet Explorer 11 vulnerabilities and up to $50,000 for “defensive ideas that accompany a qualifying Mitigation Bypass submission.” Microsoft says it made this shift to bounty programs “in order to learn about these issues earlier and to increase the win-win between Microsofts customers and the security researcher community.” It’s worth noting that the IE 11 Preview program will only be open for 30 days after the launch of Windows 8.1 Preview. This makes sense, though. The IE 11 bounty, Microsoft says, is mostly meant to “fill a gap in the vulnerability marketplace to the benefit of researchers, Microsoft engineers and our customers.” Most existing bounty programs and white market vulnerability brokers like HPs Tipping Point Zero Day Initiative and iDEFENSEs Vulnerability Contributor Program also don’t offer bounties for beta software. The company acknowledges that it isn’t exactly the first vendor to offer this kind of program, though Katie Moussouris, a Senior Security Strategist at Microsoft Research, argues that the company has long sponsored hacker conferences and awarded cash and prizes through other programs in the past. She also notes that Microsoft will likely announce a number of other ways to work with users and industry partners to discover security issues. Here is a full description of the three programs: Mitigation Bypass Bounty Microsoft will pay up to $100,000 USD for truly novel exploitation techniques against protections built into the latest version of our operating system (Windows 8.1 Preview). Learning about new exploitation techniques earlier helps Microsoft improve security by leaps, instead of one vulnerability at a time. This is an ongoing program and not tied to any event or contest. BlueHat Bonus for Defense Microsoft will pay up to $50,000 USD for defensive ideas that accompany a qualifying Mitigation Bypass Bounty submission. Doing so highlights our continued support of defense and provides a way for the research community to help protect over a billion computer systems worldwide from vulnerabilities that may not have even been discovered. IE11 Preview Bug Bounty Microsoft will pay up to $11,000 USD for criticalOriginal Link: http://feedproxy.google.com/~r/Techcrunch/~3/xI4Rer5pw54/
Share this article:
Tweet
View Full Article
Techcrunch
TechCrunch is a leading technology blog, dedicated to obsessively profiling startups, reviewing new Internet products, and breaking tech news.More About this Source Visit Techcrunch