Microsoft Paying to Find Security Bugs in IE11 Beta, Win 8.1

Looking to make some extra cash? Microsoft is looking for hackers, researchers and security experts that can hunt down potential risks in the preview versions of Internet Explorer 11 and Windows 8.1. The company is promising direct cash payments, so you could walk away with as little as $500 or go for the big money and take home $100,000 in your pocket. Talk about burning a hole!

The company is providing three programs: the Mitigation Bypass Bounty, the BlueHat Bonus for Defense, and the Internet Explorer 11 Preview Bug Bounty. For the first, Microsoft claims it will pay up to $100,000 in cash for truly novel exploitation techniques against protections built into Windows 8.1 Preview. Instead of capturing one vulnerability at a time, learning about new exploitation techniques earlier on helps Microsoft improve security by leaps, the company said.

"Additionally, Microsoft will pay up to $50,000 USD for defensive ideas [aka the BlueHat Bonus] that accompany a qualifying Mitigation Bypass submission," Microsoft said. "Doing so highlights our continued support of defensive technologies and provides a way for the research community to help protect more than a billion computer systems worldwide."

Finally there's the bug bounty for Internet Explorer 11 Preview. This will pay up to $11,000 USD for critical vulnerabilities that affect the new browser on the latest version of Windows (Windows 8.1 Preview). The entry period for this program will be the first thirty days of the Internet Explorer 11 beta period which is June 26 to July 26, 2013.

"Learning about critical vulnerabilities in Internet Explorer as early as possible during the public preview will help Microsoft make the newest version of the browser more secure," the company said.

Microsoft has provided a detailed technical post on the SRD blog that describes the company's preferred structure for submissions. There's also a detailed BlueHat post on Microsoft's philosophy and strategy for bounty programs.

TOPICS

Kevin Parrish has over a decade of experience as a writer, editor, and product tester. His work focused on computer hardware, networking equipment, smartphones, tablets, gaming consoles, and other internet-connected devices. His work has appeared in Tom's Hardware, Tom's Guide, Maximum PC, Digital Trends, Android Authority, How-To Geek, Lifewire, and others.

11 Comments Comment from the forums

cscott_it

Well, it's about time they started paying for bug hunts. I appreciate how much they've improved security and patching since the days of XP - but this will give private white-hat and grey-hat entities a bigger drive to turn that information over to Microsoft first. Which, I think is a big win for consumers.
Reply
lockhrt999

In other news: Microsoft went bankrupt.
Reply
acerace

11005998 said:
In other news: Microsoft went bankrupt.

$100K to them is nothing. Even if there's a lot of bugs found.
Reply
vmem

now THAT is the right way to beta test... makes me want to give IE11 a test drive
Reply
sean1357

Nice work Microsft... With more than $60 billions cash in their pocket. I can't wait to get iOS7 on my 5 iPad devices...
Reply
Chairman Ray

I'm totally on it!
Reply
PadaV4

11008040 said:
my buddy's aunt makes $88 every hour on the internet. She has been laid off for 10 months but last month her pay was $12227 just working on the internet for a few hours. Read more on this site ...www.microsoftpaysyou.ℂom
So i guess she is finding bugs in Microsoft products? O_o
Reply
JPNpower

Yeah, just get them pesky hackers to work FOR you instead of AGAINST you. truly awesome.
Reply
bit_user

I was expecting to see mere token amounts, but it's nice to see them putting some real money into this to make it worthwhile for skilled practicioners.

Reply
bit_user

> The company is promising direct cash payments

If they want real hackers, they should pay in bitcoin.

Reply

Show more comments