Microsoft Giving Away $100,000 Rewards For Finding Windows 8.1 Security Flaws
If you’re good enough with code, perhaps you can make some good money digging up bugs for Microsoft.
Microsoft is offering what it calls a ‘Bounty Program’ to finding exploits and vulnerabilities for Windows 8.1. Google has had a similar program for its Chrome web browser for quite some time now, though not offering as much money.
The new exploitation method must not be one that Microsoft already knows or that has been described in prior works and the submission must also include a white paper explaining the method.
The biggest one is the Mitigation Bypass Bounty, which will pay up to $100,000 to developers who find “truly novel exploitation techniques” in Windows 8.1.
Any successful hacker can earn an additional $50,000 “BlueHat Bonus” if they can tell Redmond how to fix a major flaw in the operating system. In addition, there’s an $11,000 bounty on Internet Explorer 11 Preview Edition vulnerabilities – but with a 30 day time limit – presumably so that any new problems can be fixed in time for the final release.
“Microsoft will pay up to $100,000 for truly novel exploitation techniques against protections built into the latest version of our operating system (Windows 8.1 Preview). Learning about new exploitation techniques earlier helps Microsoft improve security by leaps, instead of capturing one vulnerability at a time as a traditional bug bounty alone would,” the company explained.
That program begins on June 26 but will end 30 days later on July 26th. More details on all three bounty programs, including some advice on how to submit a good exploit report, can be found here.
The company is set to introduce the new Windows 8.1 Preview at the BUILD developer conference in San Francisco on June 26th as well.