IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Microsoft offers $100k bounty to hackers
Thu, 20th Jun 2013

In a severe change of tack, Microsoft is willing to cough up financial rewards for anybody capable of finding security flaws in Windows 8.1.

Offering a US$100,000 bounty, the Redmond-based company believes it is a small price to pay for information about security bugs that can be used to get past software defences.

But after dismissing previous campaigns from rivals Google and Facebook who sought similar advice from accomplished hackers, Microsoft is now blowing both out of the water when it comes to money.

Google currently offers $20k, and while Facebook does not specify the maximum reward for such services, its minimum payment comes in at a mere $500.

“These are super challenging to discover and they require a new technique,” says Mike Reavey, director of Microsoft’s Security Response Center.

“So to get people thinking in this area really does require a top-dollar reward.”

With the programs set for launch on June 26, Microsoft is offering the following rewards:

• Mitigation Bypass Bounty:

Microsoft will pay up to $100,000 for "truly novel exploitation techniques against protections built into the latest version of our operating system (Windows 8.1 Preview)."

Learning about new exploitation techniques earlier helps Microsoft "improve security by leaps, instead of capturing one vulnerability at a time as a traditional bug bounty alone would."

• BlueHat Bonus for Defence:

Additionally, Microsoft will pay up to $50,000 for defensive ideas that accompany a qualifying Mitigation Bypass submission.

• Internet Explorer 11 Preview Bug Bounty:

Microsoft will also pay up to $11,000 for critical vulnerabilities that affect Internet Explorer 11 Preview on the latest version of Windows (Windows 8.1 Preview).

The entry period for this program will be the first 30 days of the Internet Explorer 11 beta period (June 26 to July 26, 2013).

"Our new bounty programs add fresh depth and flexibility to our existing community outreach programs," Microsoft says in a statement.

"Having these bounty programs provides a way to harness the collective intelligence and capabilities of security researchers to help further protect customers."

Could you exploit Microsoft's software defences? Is $100k enough for your troubles? Tell us your thoughts below.