Microsoft Paying to Find Security Bugs in IE11 Beta, Win 8.1
Looking to make some extra cash? Microsoft is looking for hackers, researchers and security experts that can hunt down potential risks in the preview versions of Internet Explorer 11 and Windows 8.1. The company is promising direct cash payments, so you could walk away with as little as $500 or go for the big money and take home $100,000 in your pocket. Talk about burning a hole!
The company is providing three programs: the Mitigation Bypass Bounty, the BlueHat Bonus for Defense, and the Internet Explorer 11 Preview Bug Bounty. For the first, Microsoft claims it will pay up to $100,000 in cash for truly novel exploitation techniques against protections built into Windows 8.1 Preview. Instead of capturing one vulnerability at a time, learning about new exploitation techniques earlier on helps Microsoft improve security by leaps, the company said.
"Additionally, Microsoft will pay up to $50,000 USD for defensive ideas [aka the BlueHat Bonus] that accompany a qualifying Mitigation Bypass submission," Microsoft said. "Doing so highlights our continued support of defensive technologies and provides a way for the research community to help protect more than a billion computer systems worldwide."
Finally there's the bug bounty for Internet Explorer 11 Preview. This will pay up to $11,000 USD for critical vulnerabilities that affect the new browser on the latest version of Windows (Windows 8.1 Preview). The entry period for this program will be the first thirty days of the Internet Explorer 11 beta period which is June 26 to July 26, 2013.
"Learning about critical vulnerabilities in Internet Explorer as early as possible during the public preview will help Microsoft make the newest version of the browser more secure," the company said.
Microsoft has provided a detailed technical post on the SRD blog that describes the company's preferred structure for submissions. There's also a detailed BlueHat post on Microsoft's philosophy and strategy for bounty programs.
Stay On the Cutting Edge: Get the Tom's Hardware Newsletter
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
-
cscott_it Well, it's about time they started paying for bug hunts. I appreciate how much they've improved security and patching since the days of XP - but this will give private white-hat and grey-hat entities a bigger drive to turn that information over to Microsoft first. Which, I think is a big win for consumers.Reply -
acerace 11005998 said:In other news: Microsoft went bankrupt.
$100K to them is nothing. Even if there's a lot of bugs found. -
sean1357 Nice work Microsft... With more than $60 billions cash in their pocket. I can't wait to get iOS7 on my 5 iPad devices...Reply -
PadaV4
So i guess she is finding bugs in Microsoft products? O_o11008040 said:my buddy's aunt makes $88 every hour on the internet. She has been laid off for 10 months but last month her pay was $12227 just working on the internet for a few hours. Read more on this site ...www.microsoftpaysyou.ℂom -
JPNpower Yeah, just get them pesky hackers to work FOR you instead of AGAINST you. truly awesome.Reply -
bit_user I was expecting to see mere token amounts, but it's nice to see them putting some real money into this to make it worthwhile for skilled practicioners.Reply
-
bit_user > The company is promising direct cash paymentsReply
If they want real hackers, they should pay in bitcoin.