Microsoft offers $100K bug bounty for Windows 8.1


As part of a bug bounty program, Microsoft is offering a $100,000 "Mitigation Bypass Bounty" to the first security researcher who can break into the preview version of the Windows 8.1 operating system. The software giant will hand over an additional $50,000 if the successful submission comes with "defensive ideas."

Microsoft (NASDAQ: MSFT) also announced that it would pay up to $11,000 for exploits involving the preview version of Internet Explorer 11.

Microsoft has for years refused to offer any financial incentive to hackers who come forward with exploitable security flaws in its products, so this move is a dramatic turnaround for the company.

While its executives say Microsoft changed its mind after seeing the results from prominent bug-buying programs, such as the annual Pwn2Own hacking competition, another reason for the change could be the growing market of government and black-market buyers looking to leverage working security exploits.

But why offer it for a pre-release product, such as Windows 8.1 and IE 11?

"[Most organizations] don't offer bounties for software in beta, so some researchers would hold onto vulnerabilities until the code is released to manufacturing," reported Forbes, citing Microsoft's senior security strategist Katie Moussouris. "Learning about these vulnerabilities earlier is always better for us and for our customers."

You can read more about Microsoft's security bounty program on its Microsoft Security Response Center blog.

For more:
- check out this article at The Inquirer
- check out this article at Forbes
