Money for a cure! Microsoft Offers researchers bounty for bug fixes
Microsoft will dish out rewards up to a combined $161,000 to security researchers who detect bugs in its previews of Internet Explorer 11 and Windows 8.1.
The company is running three bug bounty programmes from this month. The most lucrative, the mitigation bypass bounty, offers up to $100,000 to researchers detecting "truly novel" ways to bypass Windows 8.1’s defences. Researchers can pocket a further $50,000 if they come up with ways to defend against those bypass techniques.
Finally, the IE11 preview bug bounty offers up to $11,000 for critical vulnerabilities that affect the preview of the browser on Windows 8.1.
The size of the cash rewards will depend on the quality of submissions, said Microsoft in the scheme’s guidelines.
Winning the $50,000 defence bonus requires a whitepaper describing a "robust" mitigation for any qualifying exploitation. The programmes are expected to run on an on-going basis from the release of the preview of Windows 8.1, expected at Microsoft’s Build conference later this month.
The IE11 bug programme will run from June 26 to July 26, so Microsoft can identify as much vulnerability as possible before the final version’s release.
Other tech firms already offer similar programs. Google has handed out $1.7 million over three years, including prizes as big as $60,000.
Facebook said it has paid out up to $1 million since it began its programme two years ago. Adobe does not offer bounties, though it brings in hackers as temporary consultants to help fix problems that they identify.