HOME     MENU     SEARCH     NEWSLETTER    
NEWS & INFORMATION FOR TECHNOLOGY PURCHASERS. UPDATED 14 MINUTES AGO.
You are here: Home / Network Security / Microsoft Offers Bug-Bounty Program
Microsoft Jumps on Bug-Bounty Bandwagon
Microsoft Jumps on Bug-Bounty Bandwagon
By Jennifer LeClaire / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
JUNE
20
2013


Microsoft is getting in on the bug-bounty bandwagon, following in the footsteps of Google and Facebook. The technology giant is asking hackers and researchers to help protect its customers and make its products better in exchange for a pocket full of cash.

"Microsoft is now offering direct cash payments in exchange for reporting certain types of vulnerabilities and exploitation techniques," the company said in its announcement. "Our new bounty programs add fresh depth and flexibility to our existing community outreach programs."

Beginning June 26, Microsoft will launch several bounty programs, including Mitigation Bypass Bounty, the BlueHat Bonus for Defense and the Internet Explorer 11 Preview Bug Bounty. Analysts said the programs are a smart move.

Betting on the Bounty

Under the Mitigation Bypass Bounty, Microsoft will pay up to $100,000 for "truly novel exploitation techniques against protections" built into the latest version of its operating system. Microsoft said learning about new exploitation techniques earlier helps the company improve security by leaps, instead of capturing one vulnerability at a time as a traditional bug bounty alone would. This program is ongoing.

The BlueHat Bonus for Defense program promises up to $50,000 for defensive ideas that accompany a qualifying Mitigation Bypass submission. Microsoft said doing so highlights its continued support of defensive technologies and provides a way for the research community to help protect more than a billion computer systems worldwide. This program is also ongoing.

Finally, the IE 11 Preview Bug Bounty offers up to $11,000 for critical vulnerabilities that affect the browser on the latest version of Windows 8.1 Preview. The entry period for this program will be the first 30 days of the IE 11 beta period. Microsoft said learning about critical vulnerabilities in IE as early as possible during the public preview will help Microsoft make the newest version of the browser more secure.

It's About Time

"I think this is an intelligent move by Microsoft to tap talent from all over the world, especially in the security space where it's hard to find that talent. It also encourages good research to land into the hands of vendors rather than being sold on the black market," said Amol Sarwate, director of Qualys Vulnerability Labs.

"Bug bounty programs are not new and have been implemented previously by Google, Mozilla, PayPal and Facebook to name a few," Sarwate told us. "White market bug bounty programs like HP-Tipping Point's Zero Day Initiative have been around for a few years now. Nevertheless, Microsoft's move is welcome and the prize money certainly trumps other programs."

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY INTEREST YOU
ISACA® offers a global community of more than 115,000 IS/IT constituents in over 180 countries. We develop and deliver industry-leading certifications, education, research and business frameworks. We equip individuals to be leaders in the fast-changing world of information systems and IT - Learn More>
MORE IN NETWORK SECURITY
Product Information and Resources for Technology You Can Use To Boost Your Business

NETWORK SECURITY SPOTLIGHT
Here we go again -- or should that be “Regin”? That’s the name security firm Symantec has given to an “advanced piece of malware” used in systematic spying campaigns at least as far back as 2008.

ENTERPRISE HARDWARE SPOTLIGHT
Doctor Who had K-9, the robot dog that accompanied him on adventures through space. Now, Mountain View has K5, a 5-foot-tall, 300-pound robot security guard patrolling in the Bay Area.

MOBILE TECHNOLOGY SPOTLIGHT
The new Android 5.0 Lollipop OS rolled out last month was Google's "biggest update of Android to date." However, early users report that Lollipop's sweet changes also come with less-tasty bugs.

© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.