Microsoft ready to cough up (potentially big!) bounty bucks for bugs

Filed Under: Featured, Internet Explorer, Microsoft, Vulnerability, Windows

On Wednesday, Microsoft announced that it's now going to pony up with bounties that can reach $100,000 for vulnerabilities that can crack Windows, starting with the upcoming preview version of Windows 8.1, due to be released later this month.

But that's not all. Researchers who go beyond reporting novel exploits by sending in a whitepaper to describe "effective, practical, and robust" mitigation for qualifying exploits can get up to an additional $50,000 - or what Microsoft has dubbed the "BlueHat Bonus for Defense".

Facebook, Google, Mozilla and Twitter have all offered bounties for some time, but those have ranged from a few hundred to several thousand dollars.

In contrast, Microsoft's bounties are downright lavish.

Plus, they pertain specifically to research on products still in beta.

Its bug bounty program for Internet Explorer 11 Preview, which will pay out up to $11,000 for unique exploits, runs between June 26 and July 26, 2013, so Microsoft is urging researchers to get hopping on preparing those reports.

Microsoft senior security strategist Katie Moussouris said in a blog post that rewarding researchers earlier in the game is better for all:

"[Many organizations] don’t offer bounties for software in beta, so some researchers would hold onto vulnerabilities until the code is released to manufacturing. Learning about these vulnerabilities earlier is always better for us and for our customers."

Maybe it's late to the bug bounty game, but given the generous rewards and the focus on finding bugs early while products are still in beta, there's a greatness to Microsoft's lateness.


Image of magnifying glass courtesy of Shutterstock.



About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.