Like Us on Facebook:
If you don’t know yet, Microsoft is offerings up to $100,000 in exchange for finding vulnerabilities and exploits in the upcoming Windows 8.1 Preview which is expected to launch on June 26, the same time as the Microsoft Build Developer Conference.
Qualifying submissions with accompanying defensive ideas will also be eligible for a BlueHat Bonus worth up to $50,000. “These are super challenging to discover and they require a new technique,” says Mike Reavey, director of Microsoft’s Security Response Center.
Windows 8.1 is a major update to Microsoft's brand new operating system Windows 8, and given the serious bounty on offer, Microsoft clearly wants to leave nothing to chance as far as securing the operating system is concerned.
"Learning about new exploitation techniques earlier helps Microsoft improve security by leaps, instead of capturing one vulnerability at a time as a traditional bug bounty alone would," he said.
Microsoft’s senior security strategist, Katie Moussouris, noted that the company is giving out rewards because Microsoft doesn’t want to wait for another competition to learn about exploitation techniques.
Also Microsoft is offering up to $11,000 for critical vulnerabilities that affect Internet Explorer 11 Preview in Windows 8.1 Preview. "Most organization don’t offer bounties for software in beta, so some researchers would hold onto vulnerabilities until the code is released to manufacturing,".
Taking such steps is part of a smart strategy on Microsoft’s behalf to make sure users get the finest experience out of the yet-to-be-released update with as a best user security ensured as possible.
Microsoft is not the first company to start this kind of program. Many companies launched similar programs in order to find exploits and improve their products.
The bounty being offered by Microsoft will be the highest by a tech company for a bug bounty reward program. The web giant Google reportedly pay between $500 and $1,333.70 for flaws in its web browser Google Chrome and up to $20,000 for dangerous vulnerabilities in its web services like search engine Google, video web search Youtube, web-based email service Gmail, etc
Like Us on Facebook:
Subscribe for Latest News