Microsoft has announced a 'bounty' program in a bid to encourage developers and security experts to find exploits in its upcoming products like Windows 8.1
Under the program, which will launch on June 26, Microsoft is offering to pay up to $100,000 USD for "truly novel exploitation techniques" against protections built into the latest version of its operating system Windows 8.1 Preview.
(Also see: Top 10 changes that Microsoft Windows 8.1 will bring)
Windows 8.1 is a major update to Microsoft's brand new operating system Windows 8, and given the serious bounty on offer, Microsoft clearly wants to leave nothing to chance as far as securing the operating system is concerned. The $100,000 amount is a big enough incentive for individuals to spend serious time and effort trying to find exploits in the OS, but for Microsoft it is pocket change to secure one of its most important release.
Microsoft is also offering an additional $50,000 BlueHat Bonus for those who submit a valid defence to block a bypass technique that qualifies for a bounty, bringing total potential reward to $150,000 for a single exploit.
Microsoft has posted details of the program that indicate individuals must be at least 14 years old to participate. It has also posted details on what qualifies as an exploit, and how developers or security experts can submit their entries. Though there are no restrictions on the number of qualified submissions an individual submitter can submit and be paid for, all bounties will be paid out at Microsoft's discretion, which may indeed be considerably less than $100,000.
In the event more than one party submit the same exploit, Microsoft will consider not only time and date of submission, but also quality and complexity to be the deciding factor for eligibility of payment of the bounty.
Microsoft has also announced a separate bounty program for Internet Explorer, where it is offering to pay up to $11,000 USD for critical vulnerabilities that affect IE 11 Preview on Windows 8.1 Preview.
Details of all programs are available as a FAQ on the Microsoft website.
No comments:
Post a Comment