Newsletters
News & Information for Technology Purchasers NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
This ad will display for the next 20 seconds. Click for more information, or
Home Enterprise I.T. Cloud Computing Applications Hardware More Topics...
Neustar, Inc.
Protect your website & network
using real-time information & analysis

www.neustar.biz
World Wide Web
24/7/365 Network Uptime!
Average Rating:
Rate this article:  
Microsoft Jumps on Bug-Bounty Bandwagon
Microsoft Jumps on Bug-Bounty Bandwagon

By Jennifer LeClaire
June 20, 2013 1:56PM

    Bookmark and Share
"I think this is an intelligent move by Microsoft to tap talent from all over the world, especially in the security space where it's hard to find that talent," said Amol Sarwate, director of Qualys Vulnerability Labs. of its new bug-bounty program. "It also encourages good research to land into the hands of vendors rather than being sold on the black market."
 



Microsoft is getting in on the bug-bounty bandwagon, following in the footsteps of Google and Facebook. The technology giant is asking hackers and researchers to help protect its customers and make its products better in exchange for a pocket full of cash.

"Microsoft is now offering direct cash payments in exchange for reporting certain types of vulnerabilities and exploitation techniques," the company said in its announcement. "Our new bounty programs add fresh depth and flexibility to our existing community outreach programs."

Beginning June 26, Microsoft will launch several bounty programs, including Mitigation Bypass Bounty, the BlueHat Bonus for Defense and the Internet Explorer 11 Preview Bug Bounty. Analysts said the programs are a smart move.

Betting on the Bounty

Under the Mitigation Bypass Bounty, Microsoft will pay up to $100,000 for "truly novel exploitation techniques against protections" built into the latest version of its operating system. Microsoft said learning about new exploitation techniques earlier helps the company improve security by leaps, instead of capturing one vulnerability at a time as a traditional bug bounty alone would. This program is ongoing.

The BlueHat Bonus for Defense program promises up to $50,000 for defensive ideas that accompany a qualifying Mitigation Bypass submission. Microsoft said doing so highlights its continued support of defensive technologies and provides a way for the research community to help protect more than a billion computer systems worldwide. This program is also ongoing.

Finally, the IE 11 Preview Bug Bounty offers up to $11,000 for critical vulnerabilities that affect the browser on the latest version of Windows 8.1 Preview. The entry period for this program will be the first 30 days of the IE 11 beta period. Microsoft said learning about critical vulnerabilities in IE as early as possible during the public preview will help Microsoft make the newest version of the browser more secure.

It's About Time

"I think this is an intelligent move by Microsoft to tap talent from all over the world, especially in the security space where it's hard to find that talent. It also encourages good research to land into the hands of vendors rather than being sold on the black market," said Amol Sarwate, director of Qualys Vulnerability Labs.

"Bug bounty programs are not new and have been implemented previously by Google, Mozilla, PayPal and Facebook to name a few," Sarwate told us. "White market bug bounty programs like HP-Tipping Point's Zero Day Initiative have been around for a few years now. Nevertheless, Microsoft's move is welcome and the prize money certainly trumps other programs."
 

Tell Us What You Think
Comment:

Name:



Neustar, Inc. (NYSE: NSR) is a trusted, neutral provider of real-time information and analysis to the Internet, telecommunications, information services, financial services, retail, media and advertising sectors. Neustar applies its advanced, secure technologies in location, identification, and evaluation to help its customers promote and protect their businesses. More information is available at www.neustar.biz.


 World Wide Web
1.   Bell Labs Pushes Copper to 10 Gbps
2.   Escort Charged in Google Exec Death
3.   Google, SAP, More Fight Patent Trolls
4.   NY Reaches Price Limit Deal with Uber
5.   Germany Probes New U.S. Spy Case


advertisement
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Report: Chinese Hackers Hit U.S. Personnel Networks
Hackers from China broke into the computer networks of the U.S. Office of Personnel Management earlier this year with the intention of accessing the files of tens of thousands of federal employees.
 
Charges: Russian Stole Data from U.S. Restaurants, Zoo
A Russian man arrested on bank fraud and other charges hacked into computers at restaurants in Washington, hundreds of other retail businesses, and even the Phoenix Zoo, authorities say.
 
Another Month, Another IE-Focused Patch Tuesday
Microsoft rolled out 59 vulnerabilities for Internet Explorer in June. But the IE-patching party is not over yet. Redmond published six new security bulletins on Tuesday; two, critical; three, important.
 

Navigation
NewsFactor Network
Home/Top News | Enterprise I.T. | Cloud Computing | Applications | Hardware | Mobile Tech | Big Data | Communications
World Wide Web | Network Security | Data Storage | Small Business | Microsoft/Windows | Apple/Mac | Linux/Open Source | Personal Tech
Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters | XML/RSS Feed

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.