It’s not often that a software company will reward people for coming up with ways to exploit protections built into its operating systems.
But that’s what Microsoft is doing with some new programs, launching June 26, that offer cash awards for those who can find ways to get around the protections in Windows 8.1 Preview, and those who can find critical vulnerabilities in Internet Explorer 11 Preview, which will be on Windows 8.1 Preview.
(Microsoft is planning to release Windows 8.1 Preview next week, coinciding with its Build developers conference.)
The programs are:
Mitigation Bypass Bounty – Microsoft will pay up to $100,000 for “truly novel exploitation techniques” against protections built in to Windows 8.1 Preview. (“Mitigation bypasses” are techniques of going around the protections in a system.) This program will be ongoing.
“Learning about new exploitation techniques earlier helps Microsoft improve security by leaps, instead of capturing one vulnerability at a time as a traditional bug bounty alone would,” Microsoft said in its posting about the program.
In addition, Microsoft will award up to $50,000 in its BlueHat Bonus for Defense program for defensive ideas that block a qualifying Mitigation Bypass submission. This program is ongoing.
Internet Explorer 11 Preview Bug Bounty – Microsoft will pay up to $11,000 for critical vulnerabilities that affect IE11 Preview on Windows 8.1 Preview. This program ends July 26.
More details of the programs are available here.