Microsoft offers $250,000 bounty for speculative-execution bugs
by from Techreport on (#3JBZ9)
The January reveal of the Meltdown and Spectre speculative-execution attacks sent ripples through the entire computer industry. Part of Intel's response was a boost in bug-hunting bounties up to a cool quarter-million dollars for finding side-channel vulnerabilities. Microsoft has now joined the party and ponied up a $250,000 bounty of its own for the identification of speculative-execution flaws. Like Intel's payout bump, Microsoft's program has a ticking clock-it'll end when 2019 comes around.
Microsoft's payout program has four tiers, shown in the table below. The biggest award is handed for discovering a new class of speculative-execution attacks. The company has a separate blog post with more technical information ...