Microsoft is doing a great job as the leading software provider. Despite having such a humungous research team and a great team of developers, there comes a time when you can’t determine your flaws and faults. At such a time, an outsider can identify for flaws much better and provide you with a superb solution to it. This is what the recently launched bug bounty program of Microsoft aims to do. Microsoft has opened doors for all the hackers to come on common grounds with them and join hands to enhance the software security and quality.
Have a look!
Bug Bounty is a monetary reward offered to all those people who identify bugs or errors in a running application or reputed software instead of exploiting the users and the company. Such people are generally known as White Hat hackers who decently report bugs to the concerned personnel. This is a great way for hackers to make money in an ethical manner.
Chris Wysopal, co-founder and CTO of Veracode said:
“I think one of the biggest benefits of bug bounty programs is to engage the security research community to work with you and not against you.”
Microsoft’s Bug Bounty Award
Microsoft has finally realized the importance of offering bug bounty to hackers who identify flaws in their software security. Last year in Black Hat conference, they offered a first Blue Hat prize for researchers who develop defensive techniques against all the exploits. The award also followed a $260,000 reward. Microsoft has created a good reputation for working with security Research Company, hiring white hat hackers and hosting the Blue Hat security conferences. This bug bounty award by Microsoft will surely provide a chance to all the hackers convert into white hat hackers and facilitate the software vendors in improving their software security.
How to win Microsoft’s Bug Bounty Award?
Microsoft has recently launched a lucrative offer for all the hackers out there. The offer consists of finding flaws in Windows 8.1 and Internet Explorer 11 which will prove beneficial for them and enhance their career as a security researcher.
Following the Microsoft’s recently announced bounty program that offers around $150,000 for a single exploit, the security researchers can go a long way. Microsoft has divided this bug bounty into three tiers of payment.
The Mitigation Bypass Bounty pays $100,000 for exploits the protection already built-in to the Windows 8.1 operating system.
An additional $50,000 will be given if they provide a working defense to block the identified bypass technique. This will be under the Blue Hat bonus for Defense. All this amounts to $150,000 for a single exploit.
This includes Internet Explorer 11 Preview Bug Bounty. Microsoft has decided to pay $11,000 for critical vulnerabilities affecting the smooth working of Internet Explorer 11 with Windows 8.1.
The Mitigation Bypass Bounty and Blue hat Bonus for Defense will continue till Microsoft announces any date while IE11 Preview Bug Bounty will be for a limited time.
Views about Microsoft’s Bug Bounty Program
The outside world has a general perspective that some researchers feel that they are doing a dirty work for the vendors. This is the work which the vendors should have done themselves without any compensation. A bug bounty program, like the one Microsoft offers, makes the researchers bound to find bugs and keep them a secret until vendor gets it fixed.
However, the Microsoft’s bounty program is going to help it improve it security and software quality for sure. Microsoft has always done a splendid job in counter acting against exploit mitigation technologies and it continues to do so. All for now!