Tag: Bounty Program

  • Facebook Teams Up With Microsoft, Offers Bounty For Bugs

    Microsoft has recently announced an extension for its Windows 8.1 bug bounty program, but it turns out that it also wants to make the Internet safer with help from its rivals.

    Facebook and Microsoft joined forces for a new project called Internet Bug Bounty, which encourages hackers and security researchers to submit bugs for cash rewards.

    The Internet Bug Bounty program will pay a minimum of $5,000 for flaws in sandboxed applications or for bugs in fundamental internet technologies such as DNS and SSL. Lower payouts are offered for spotting problems in Ruby, Python, PHP, Apache, Perl, and other software.

    “Our collective safety is only possible when public security research is allowed to flourish. Some of the most critical vulnerabilities in the internet’s history have been resolved thanks to efforts of researchers fueled entirely by curiosity and altruism,” Facebook and Microsoft said on the bounty program’s website.

    “We owe these individuals an enormous debt and believe it is our duty to do everything in our power to cultivate a safe, rewarding environment for past, present, and future researchers.”

    To qualify, flaws must be found in code that is in widespread use, be of serious or critical severity, or be an unusual or novel hack that no one has thought of as yet. Once reported and verified, software providers will have 180 days to fix the problem before any announcement is made of money paid out.

    The 10-person judging panel is dominated by Microsoft and Facebook staff, but there will be input from Google’s security researcher Chris Evans, director of security engineering at Etsy Zane Lackey, and penetration tester from iSec Jesse Burns.

    The contest is open to anyone in the world, except those in countries under US trade embargo. There’s no age limit, but if you’re not yet a teenager then a parent or guardian will have to claim the money for you.

  • Microsoft Pays Out First $100,000 Bounty For Finding Windows 8.1 Bug

    Today, Microsoft announced one researcher, James Forshaw, has been awarded a whopping $100,000 for finding and reporting a new mitigation bypass exploit in Windows 8.1.

    James Forshaw, who heads vulnerability research at London-based security consulting firm Context Information Security, won Microsoft’s first US$100,000 bounty for identifying a new “exploitation technique” in Windows, which will allow it to develop defenses against an entire class of attacks, the software maker said on Tuesday. 

    Forshaw earned another US$9,400 for identifying security bugs in a preview release of Microsoft’s Internet Explorer 11 browser, Katie Moussouris, senior security strategist with Microsoft Security Response Center, said in a blog. 

    “Coincidentally, one of our brilliant engineers at Microsoft, Thomas Garnier, had also found a variant of this class of attack technique. Microsoft engineers like Thomas are constantly evaluating ways to improve security, but James’ submission was of such high quality and outlined some other variants such that we wanted to award him the full $100,000 bounty,” Microsoft explained.

    Microsoft has now paid out over $128,000 in bug bounties. Six “very smart people” received the prizes, said Moussouris.

    Not all of them kept the cash. Ivan Fratric of the Google security team was awarded $1,100 for finding an Internet Explorer 11 (IE 11) bug, but donated it to the Save the Children Fund. Fermin Serna, also from Google, gave the $500 he received for finding a bug in the IE 11 Preview release to the Seattle Humane Society.

  • Microsoft Giving Away $100,000 Rewards For Finding Windows 8.1 Security Flaws

    If you’re good enough with code, perhaps you can make some good money digging up bugs for Microsoft.

    Microsoft is offering what it calls a ‘Bounty Program’ for finding exploits and vulnerabilities in Windows 8.1. Google has had a similar program for its Chrome web browser for quite some time now, though not offering as much money.

    The new exploitation method must not be one that Microsoft already knows or that has been described in prior works and the submission must also include a white paper explaining the method.

    The biggest one is the Mitigation Bypass Bounty, which will pay up to $100,000 to developers who find “truly novel exploitation techniques” in Windows 8.1.

    Any successful hacker can earn an additional $50,000 “BlueHat Bonus” if they can tell Redmond how to fix a major flaw in the operating system. In addition, there’s an $11,000 bounty on Internet Explorer 11 Preview Edition vulnerabilities – but with a 30-day time limit – presumably so that any new problems can be fixed in time for the final release.

    “Microsoft will pay up to $100,000 for truly novel exploitation techniques against protections built into the latest version of our operating system (Windows 8.1 Preview). Learning about new exploitation techniques earlier helps Microsoft improve security by leaps, instead of capturing one vulnerability at a time as a traditional bug bounty alone would,” the company explained.

    That program begins on June 26 but will end 30 days later on July 26th. More details on all three bounty programs, including some advice on how to submit a good exploit report, can be found here.

    The company is set to introduce the new Windows 8.1 Preview at the BUILD developer conference in San Francisco on June 26th as well.
