Microsoft Paying to Find Security Bugs in IE11 Beta, Win 8.1

Looking to make some extra cash? Microsoft is looking for hackers, researchers and security experts that can hunt down potential risks in the preview versions of Internet Explorer 11 and Windows 8.1. The company is promising direct cash payments, so you could walk away with as little as $500 or go for the big money and take home $100,000 in your pocket. Talk about burning a hole!

The company is providing three programs: the Mitigation Bypass Bounty, the BlueHat Bonus for Defense, and the Internet Explorer 11 Preview Bug Bounty. For the first, Microsoft claims it will pay up to $100,000 in cash for truly novel exploitation techniques against protections built into Windows 8.1 Preview. Instead of capturing one vulnerability at a time, learning about new exploitation techniques earlier on helps Microsoft improve security by leaps, the company said.

"Additionally, Microsoft will pay up to $50,000 USD for defensive ideas [aka the BlueHat Bonus] that accompany a qualifying Mitigation Bypass submission," Microsoft said. "Doing so highlights our continued support of defensive technologies and provides a way for the research community to help protect more than a billion computer systems worldwide."

Finally there's the bug bounty for Internet Explorer 11 Preview. This will pay up to $11,000 USD for critical vulnerabilities that affect the new browser on the latest version of Windows (Windows 8.1 Preview). The entry period for this program will be the first thirty days of the Internet Explorer 11 beta period which is June 26 to July 26, 2013.

"Learning about critical vulnerabilities in Internet Explorer as early as possible during the public preview will help Microsoft make the newest version of the browser more secure," the company said.

Microsoft has provided a detailed technical post on the SRD blog that describes the company's preferred structure for submissions. There's also a detailed BlueHat post on Microsoft's philosophy and strategy for bounty programs.

Create a new thread in the US News comments forum about this subject
This thread is closed for comments
11 comments
Comment from the forums
    Your comment
  • cscott_it
    Well, it's about time they started paying for bug hunts. I appreciate how much they've improved security and patching since the days of XP - but this will give private white-hat and grey-hat entities a bigger drive to turn that information over to Microsoft first. Which, I think is a big win for consumers.
    0
  • lockhrt999
    In other news: Microsoft went bankrupt.
    0
  • acerace
    Anonymous said:
    In other news: Microsoft went bankrupt.


    $100K to them is nothing. Even if there's a lot of bugs found.
    0