Looking to make some extra cash? Microsoft is looking for hackers, researchers and security experts that can hunt down potential risks in the preview versions of Internet Explorer 11 and Windows 8.1. The company is promising direct cash payments, so you could walk away with as little as $500 or go for the big money and take home $100,000 in your pocket. Talk about burning a hole!
The company is providing three programs: the Mitigation Bypass Bounty, the BlueHat Bonus for Defense, and the Internet Explorer 11 Preview Bug Bounty. For the first, Microsoft claims it will pay up to $100,000 in cash for truly novel exploitation techniques against protections built into Windows 8.1 Preview. Instead of capturing one vulnerability at a time, learning about new exploitation techniques earlier on helps Microsoft improve security by leaps, the company said.
"Additionally, Microsoft will pay up to $50,000 USD for defensive ideas [aka the BlueHat Bonus] that accompany a qualifying Mitigation Bypass submission," Microsoft said. "Doing so highlights our continued support of defensive technologies and provides a way for the research community to help protect more than a billion computer systems worldwide."
Finally there's the bug bounty for Internet Explorer 11 Preview. This will pay up to $11,000 USD for critical vulnerabilities that affect the new browser on the latest version of Windows (Windows 8.1 Preview). The entry period for this program will be the first thirty days of the Internet Explorer 11 beta period which is June 26 to July 26, 2013.
"Learning about critical vulnerabilities in Internet Explorer as early as possible during the public preview will help Microsoft make the newest version of the browser more secure," the company said.
Microsoft has provided a detailed technical post on the SRD blog that describes the company's preferred structure for submissions. There's also a detailed BlueHat post on Microsoft's philosophy and strategy for bounty programs.