Microsoft Joining Intel in Offering $250K Bounty for Speculative Execution Bugs

[DooKey]

Microsoft isn't the most loved company around, but this time they are doing something good and putting their money where their mouth is and offering up to a $250K bounty for finding vulnerabilities like Spectre. Intel is offering the same kind of cash and I guess Microsoft thought it might be a good idea for them to do the same. I don't know about anyone else, but this is a good move and I hope it bears fruit. Go grab that cash security researchers. Check out their FAQ.

Speculative execution is truly a new class of vulnerabilities, and we expect that research is already underway exploring new attack methods,” the company explained. “This bounty program is intended as a way to foster that research and the coordinated disclosure of vulnerabilities related to these issues.”

 

[Galvin]

Windows has an unlimited supply of bugs. Lots of money to be made

 

[andrewaggb]

It's better to fund it and have control. Part of the program is about how things are disclosed so that you won't get blindsided like AMD just did.

 

[MRAB54]

Nobody to blame but themselves. I find it incredibly hard to believe the chip designers couldn't see the potential risk. But performance sells so..

 

[katanaD]

man.. they are totally missing an opportunity here...

what they should do is to make their own crypto coin.. M$coin

and then pay people to find bugs with said M$coin

instead of real money

 

[Sikkyu]

It's better to fund it and have control. Part of the program is about how things are disclosed so that you won't get blindsided like AMD just did.

Did you buy that BS hit piece that just came out without any real proof? If so have I got the best bridge to sell you