Microsoft announces bounty program
Posted by: TimW on 07/13/2013 02:46 PM
Just a few weeks after Microsoft announced its bug bounty program, it is already set to pay out a reward to a researcher from Google who discovered a vulnerability in Internet Explorer 11.
The reward program for IE 11, which is already in preview release, will run until July 26. It pays researchers up to $11,000 for new vulnerabilities in the browser.
Ivan Fratric, a security engineer at Google, is the first to receive the reward for a potential memory corruption vulnerability in the browser.
“Our goal was not to directly compete with the black (or even grey) market. Rather, our goal was to attract those researchers who are currently willing to sell in the white market, and get them to come forward directly to us a lot earlier,” said Katie Moussouris, senior security strategist at Microsoft.
“It’s not about offering the most money, but rather about putting attractive bounties out at times where there are few buyers (if any). For our products, that tends to be during the preview (or beta) period.
“Trying to be the highest bidder is a checkers move, and we’re playing chess.”
In addition to the IE 11 reward program, Microsoft also is offering bounties of up to $100,000 for new offensive techniques that can bypass all of the existing exploit mitigations in the latest version of Windows, beginning with 8.1. The company will have judges at Black Hat later this month to evaluate entries live at the conference.