Sign In

Communications of the ACM

ACM TechNews

Microsoft ­nleashes Bug Bounty Program--for Betas, Too


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
A bughunter.

Microsoft's bug bounty programs pays those who identify security vulnerabilities ("bugs") in its software.

Credit: Greg Broadmore

Microsoft recently announced plans to launch three bug bounty programs, which are designed to eliminate security vulnerabilities in its software before and after its products are released.

The bug bounty programs will specifically include the company's pre-release software, such as Internet Explorer 11 preview, helping Microsoft stamp out bugs before its products are released into the general public.

Most Internet Explorer 10 security bugs were disclosed after the browser was pushed out into the wild because only then could the researchers receive a financial reward for their discoveries through a third-party broker, according to Microsoft. "When brokers offered money, researchers reported them, so during the betas there was no incentive to report them," says Microsoft's Katie Moussouris. "Microsoft wants to fill that gap."

Microsoft is splitting its security strengthening efforts across three programs, with bounty rewards ranging from $11,000 to $100,000. All three bug bounty programs start on June 26 and continue on an ongoing basis, and anyone is eligible, including researchers from rival firms and anyone 14 years of age or older.

"This is the smartest thing we can do," Moussouris says. "A few years ago, most researchers were going to Microsoft directly. We want to bring that back."

From ZDNet
View Full Article

 

Abstracts Copyright © 2013 Information Inc., Bethesda, Maryland, USA


 

No entries found