Newsletters
News & Information for Technology Purchasers NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
This ad will display for the next 20 seconds. Please click for more information, or scroll down to pass the ad, or Close Ad.
Home Enterprise I.T. Cloud Computing Applications Hardware More Topics...
Microsoft/Windows
Tame your scariest paperwork. Find Out How
Average Rating:
Rate this article:  
Microsoft Jumps on Bug-Bounty Bandwagon
Microsoft Jumps on Bug-Bounty Bandwagon

By Jennifer LeClaire
June 20, 2013 1:56PM

    Bookmark and Share
"I think this is an intelligent move by Microsoft to tap talent from all over the world, especially in the security space where it's hard to find that talent," said Amol Sarwate, director of Qualys Vulnerability Labs. of its new bug-bounty program. "It also encourages good research to land into the hands of vendors rather than being sold on the black market."
 


Microsoft is getting in on the bug-bounty bandwagon, following in the footsteps of Google and Facebook. The technology giant is asking hackers and researchers to help protect its customers and make its products better in exchange for a pocket full of cash.

"Microsoft is now offering direct cash payments in exchange for reporting certain types of vulnerabilities and exploitation techniques," the company said in its announcement. "Our new bounty programs add fresh depth and flexibility to our existing community outreach programs."

Beginning June 26, Microsoft will launch several bounty programs, including Mitigation Bypass Bounty, the BlueHat Bonus for Defense and the Internet Explorer 11 Preview Bug Bounty. Analysts said the programs are a smart move.

Betting on the Bounty

Under the Mitigation Bypass Bounty, Microsoft will pay up to $100,000 for "truly novel exploitation techniques against protections" built into the latest version of its operating system. Microsoft said learning about new exploitation techniques earlier helps the company improve security by leaps, instead of capturing one vulnerability at a time as a traditional bug bounty alone would. This program is ongoing.

The BlueHat Bonus for Defense program promises up to $50,000 for defensive ideas that accompany a qualifying Mitigation Bypass submission. Microsoft said doing so highlights its continued support of defensive technologies and provides a way for the research community to help protect more than a billion computer systems worldwide. This program is also ongoing.

Finally, the IE 11 Preview Bug Bounty offers up to $11,000 for critical vulnerabilities that affect the browser on the latest version of Windows 8.1 Preview. The entry period for this program will be the first 30 days of the IE 11 beta period. Microsoft said learning about critical vulnerabilities in IE as early as possible during the public preview will help Microsoft make the newest version of the browser more secure.

It's About Time

"I think this is an intelligent move by Microsoft to tap talent from all over the world, especially in the security space where it's hard to find that talent. It also encourages good research to land into the hands of vendors rather than being sold on the black market," said Amol Sarwate, director of Qualys Vulnerability Labs.

"Bug bounty programs are not new and have been implemented previously by Google, Mozilla, PayPal and Facebook to name a few," Sarwate told us. "White market bug bounty programs like HP-Tipping Point's Zero Day Initiative have been around for a few years now. Nevertheless, Microsoft's move is welcome and the prize money certainly trumps other programs."
 

Tell Us What You Think
Comment:

Name:



APC has an established a reputation for solid products that virtually pay for themselves upon installation. Who has time to spend worrying about system downtime? APC makes it easy for you to focus on business growth instead of business downtime with reliable data center systems and IT solutions. Learn more here.


 Microsoft/Windows
1.   Microsoft, BMC Targeting VMware
2.   Cortana Fills Windows Phone Gap
3.   Review: Windows Embraces the Past
4.   Patch Tuesday Offers Critical Fixes
5.   China Approves Microsoft-Nokia Deal


advertisement
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Verizon Data Breach Report Exposes Top Threats
Beyond Heartbleed, there are cyberthreats vying to take down enterprise networks, corrupt smartphones, and wreak havoc on businesses. Verizon is exposing these threats in a new report.
 
Where Do Web Sites Stand, Post-Heartbleed?
A security firm says the vast majority of Web sites have patched themselves to protect against the Heartbleed bug, but now there are questions raised on the reliability of open-source programs.
 
White House Updating Online Privacy Policy
A new Obama administration privacy policy explains how the government will gather the user data of online visitors to WhiteHouse.gov, mobile apps and social media sites, saying much is in the public domain.
 

Navigation
NewsFactor Network
Home/Top News | Enterprise I.T. | Cloud Computing | Applications | Hardware | Mobile Tech | Big Data | Communications
World Wide Web | Network Security | Data Storage | Small Business | Microsoft/Windows | Apple/Mac | Linux/Open Source | Personal Tech
Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters | XML/RSS Feed

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.