June 21, 2013
Beginning June 26, Microsoft will offer anywhere from $11,000 to $100,000 to ethical hackers who find flaws in the company’s software.
“Our new bounty programs add fresh depth and flexibility to our existing community outreach programs,” Microsoft said in a post on its Security Response Center.
“Having these bounty programs provides a way to harness the collective intelligence and capabilities of security researchers to help further protect customers.”
There will be three levels of rewards. They are:
• Mitigation Bypass Bounty
Microsoft will pay up to $100,000 “for truly novel exploitation techniques” against protections built into its Windows 8.1 Preview.
“Learning about new exploitation techniques earlier helps Microsoft improve security by leaps, instead of capturing one vulnerability at a time as a traditional bug bounty alone would,” the company said.
• BlueHat Bonus for Defense
Up to $50,000 will be shelled out for defensive ideas that go hand-in-hand with a qualifying Mitigation Bypass submission.
The company said its support of such defensive ideas gives the research community a way to safeguard more than one billion computer systems globally.
• Internet Explorer 11 Preview Bug Bounty
Those who find critical vulnerabilities affecting Internet Explorer 11 Preview on the latest version of Windows (Windows 8.1 Preview) will qualify for up to $11,000. The entry period for this program will be the first 30 days of the Internet Explorer 11 beta period: June 26 to July 26, 2013.
“Learning about critical vulnerabilities in Internet Explorer as early as possible during the public preview will help Microsoft make the newest version of the browser more secure,” the company said.