June 19th, 2013, 20:59 PM
Microsoft Launches $100K Bug Bounty Program
After years of benefiting from the bug bounty programs of other companies, Microsoft is finally stepping into the bug bounty business itself by offering three new programs to encourage and compensate researchers who find vulnerabilities in the company’s software.
The programs include a $100,000 payout for mitigation-bypass vulnerabilities uncovered in its software products, a $50,000 payout on top of this for a solution that will fix the vulnerability, and $11,000 for any bugs found in the preview release of its upcoming Internet Explorer 11 browser software.
“We think there’s not a one-size-fits-all bounty program, so we’re announcing three bounty programs,” said Mike Reavey, director of Microsoft’s Security Response Center.
“If you find a way to bypass one of our shields but you also have an idea how to plug the hole, we’ll throw in an additional $50,000,” he said, referring to the second program, which goes a step beyond what traditional bounty programs generally do.
Microsoft’s move comes after years of being criticized for not compensating researchers for the hard work they do in finding and disclosing bugs, even though the company benefited greatly from the free work done by those who uncovered and disclosed security vulnerabilities in its software.