Many different websites have bounty programs where they offer a reward to users who manage to find security holes in their websites, Facebook offer a minimum of $500 with no maximum for bugs found and Google offer up several thousand dollars depending on the severity of the bug. Mirosoft have recently announced that it’ll be offering rewards up to $100,000 for “truly novel exploitation techniques against protections built into the latest version of our operating system (Windows 8.1 Preview).”
This is the first time Microsoft have offered a reward to users who find bugs in their operating systems, something that both Google and Facebook have been offering for some time. Microsoft has announced three programs that will be launching on June 23rd:
- Mitigation Bypass Bounty. Microsoft will pay up to $100,000 USD for truly novel exploitation techniques against protections built into the latest version of our operating system (Windows 8.1 Preview). Learning about new exploitation techniques earlier helps Microsoft improve security by leaps, instead of capturing one vulnerability at a time as a traditional bug bounty alone would. TIMEFRAME: ONGOING
- BlueHat Bonus for Defense. Additionally, Microsoft will pay up to $50,000 USD for defensive ideas that accompany a qualifying Mitigation Bypass submission. Doing so highlights our continued support of defensive technologies and provides a way for the research community to help protect more than a billion computer systems worldwide.TIMEFRAME: ONGOING (in conjunction with the Mitigation Bypass Bounty).
- Internet Explorer 11 Preview Bug Bounty. Microsoft will pay up to $11,000 USD for critical vulnerabilities that affect Internet Explorer 11 Preview on the latest version of Windows (Windows 8.1 Preview). The entry period for this program will be the first 30 days of the Internet Explorer 11 beta period (June 26 to July 26, 2013). Learning about critical vulnerabilities in Internet Explorer as early as possible during the public preview will help Microsoft make the newest version of the browser more secure. TIMEFRAME: 30 DAYS
To find out more check out the official bug bounty page here.