The official public preview version of Windows 8.1 is set to arrive next week, and with it will come the first preview of Internet Explorer 11. And now Microsoft has announced three new bounty programs offering cold hard cash to those that can find exploits in the new OS and web browser.
A post on the TechNet security blog announced the bounty programs:
“It’s very exciting to finally take the wraps off of these initiatives and we are anticipating some great submissions from the security research community! These programs will allow us to reward great work by researchers and improve the security of our software – all to the benefit of our customers.
Also, we just like to analyze and fix cool bugs!”
Yeah, and who doesn’t? Software (and even hardware) bugs are born to be quashed.
Jokes aside, this is a pretty splendid initiative — one that encourages security experts and technology geniuses with an incentive to put the company’s latest products through the paces. And the end result is, of course, enhanced protection for users and enterprises that deploy them.
The biggest of the three is the Mitigation Bypass Bounty which will pay up to $100,000 to developers that find truly novel exploitation techniques in Windows 8.1. The second one is the BlueHat Bonus for Defense, offering up to $50,000 for defensive ideas that block a qualifying mitigation bypass technique.
Internet Explorer 11 gets its own separate bounty program, where Microsoft is offering up to $11,000 (ha!) for anyone that find critical vulnerabilities in the public preview build of the upcoming browser.
The bounty programs will begin when the public preview version of Windows 8.1 is officially released on June 26. The first two are ongoing programs, while the third one (for IE 11) ends in 30 days after starting. And that means July 26.
Redmond has also posted more details on all three bounty programs here in a separate blog post, along with advice on how to submit a good exploit report.