Sign in with
Sign up | Sign in

Microsoft Paying to Find Security Bugs in IE11 Beta, Win 8.1

By - Source: Microsoft | B 11 comments

Looking to make some extra cash? Microsoft is looking for hackers, researchers and security experts that can hunt down potential risks in the preview versions of Internet Explorer 11 and Windows 8.1. The company is promising direct cash payments, so you could walk away with as little as $500 or go for the big money and take home $100,000 in your pocket. Talk about burning a hole!

The company is providing three programs: the Mitigation Bypass Bounty, the BlueHat Bonus for Defense, and the Internet Explorer 11 Preview Bug Bounty. For the first, Microsoft claims it will pay up to $100,000 in cash for truly novel exploitation techniques against protections built into Windows 8.1 Preview. Instead of capturing one vulnerability at a time, learning about new exploitation techniques earlier on helps Microsoft improve security by leaps, the company said.

"Additionally, Microsoft will pay up to $50,000 USD for defensive ideas [aka the BlueHat Bonus] that accompany a qualifying Mitigation Bypass submission," Microsoft said. "Doing so highlights our continued support of defensive technologies and provides a way for the research community to help protect more than a billion computer systems worldwide."

Finally there's the bug bounty for Internet Explorer 11 Preview. This will pay up to $11,000 USD for critical vulnerabilities that affect the new browser on the latest version of Windows (Windows 8.1 Preview). The entry period for this program will be the first thirty days of the Internet Explorer 11 beta period which is June 26 to July 26, 2013.

"Learning about critical vulnerabilities in Internet Explorer as early as possible during the public preview will help Microsoft make the newest version of the browser more secure," the company said.

Microsoft has provided a detailed technical post on the SRD blog that describes the company's preferred structure for submissions. There's also a detailed BlueHat post on Microsoft's philosophy and strategy for bounty programs.

Display 11 Comments.
This thread is closed for comments
  • 0 Hide
    cscott_it , June 20, 2013 5:05 AM
    Well, it's about time they started paying for bug hunts. I appreciate how much they've improved security and patching since the days of XP - but this will give private white-hat and grey-hat entities a bigger drive to turn that information over to Microsoft first. Which, I think is a big win for consumers.
  • 0 Hide
    lockhrt999 , June 20, 2013 5:52 AM
    In other news: Microsoft went bankrupt.
  • 0 Hide
    acerace , June 20, 2013 7:50 AM
    Quote:
    In other news: Microsoft went bankrupt.


    $100K to them is nothing. Even if there's a lot of bugs found.
  • 0 Hide
    vmem , June 20, 2013 8:35 AM
    now THAT is the right way to beta test... makes me want to give IE11 a test drive
  • 0 Hide
    sean1357 , June 20, 2013 10:59 AM
    Nice work Microsft... With more than $60 billions cash in their pocket. I can't wait to get iOS7 on my 5 iPad devices...
  • 0 Hide
    Chairman Ray , June 20, 2013 11:40 AM
    I'm totally on it!
  • 0 Hide
    PadaV4 , June 20, 2013 12:19 PM
    Quote:
    my buddy's aunt makes $88 every hour on the internet. She has been laid off for 10 months but last month her pay was $12227 just working on the internet for a few hours. Read more on this site ...www.microsoftpaysyou.ℂom

    So i guess she is finding bugs in Microsoft products? O_o
  • 0 Hide
    JPNpower , June 20, 2013 1:10 PM
    Yeah, just get them pesky hackers to work FOR you instead of AGAINST you. truly awesome.
  • 0 Hide
    bit_user , June 20, 2013 10:09 PM
    I was expecting to see mere token amounts, but it's nice to see them putting some real money into this to make it worthwhile for skilled practicioners.
  • 0 Hide
    bit_user , June 20, 2013 10:13 PM
    > The company is promising direct cash payments

    If they want real hackers, they should pay in bitcoin.
  • 0 Hide
    JPNpower , June 21, 2013 6:25 AM
    Quote:
    > The company is promising direct cash payments

    If they want real hackers, they should pay in bitcoin.


    might as well use Microsoft stock option.