Microsoft expands bug bounty program to cover any Windows flaw

by
Peter Bright
from Ars Technica - All content on (#2XHRK)
cash-bug.jpg

Some bugs aren't worth very much cash. (credit: Daniel Novta)

Microsoft today announced a new bug bounty scheme that would see anyone finding a security flaw in Windows eligible for a payout of up to $15,000.

The company has been running bug bounty programs, wherein security researchers are financially rewarded for discovering and reporting exploitable flaws, since 2013. Back then, Microsoft was paying up to $11,000 for bugs in Internet Explorer 11. In the years since then, Microsoft's bounty schemes have expanded with specific programs offering rewards for those finding flaws in the Hyper-V hypervisor, Windows' wide range of exploit mitigation systems such as DEP and ASLR, and the Edge browser.

Many of these bounty programs were time-limited, covering software during its beta/development period but ending once it was released. This structure is an attempt to attract greater scrutiny before exploits are distributed to regular end-users. Last month, the Edge bounty program was made an ongoing scheme no longer tied to any particular timeframe.

Read 2 remaining paragraphs | Comments

index?i=N1T98TrBx-M:-V580nXEr9E:V_sGLiPB index?i=N1T98TrBx-M:-V580nXEr9E:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments