Microsoft Launches $100K Bug Bounty Program

HardOCP News

[H] News
A $100k bug bounty program? Some of you guys could make a serious chunk of change doing this.

The programs include a $100,000 payout for mitigation-bypass vulnerabilities uncovered in its software products, a $50,000 payout on top of this for a solution that will fix the vulnerability, and $11,000 for any bugs found in the preview release of its upcoming Internet Explorer 11 browser software.
 

cyclone3d

[H]F Junkie
Joined
Aug 16, 2004
Messages
13,798
What about glaring bugs that aren't security related in their current stuff?
 

DeathFromBelow

Supreme [H]ardness
Joined
Jul 15, 2005
Messages
7,316
I found a bug: the start menu is missing.

Unfortunately it looks like they aren't offering payouts for pointing out stupid design decisions.
 

Pieter3dnow

Supreme [H]ardness
Joined
Jul 29, 2009
Messages
6,784
My solution, stop making browsers if you don't have the people that are willing to write and verify their own code.

You can use them on useful projects and not have to worry about your program (for the 11th time) being the worst backdoor in the history of your attempt at an "Operating System"
 

Blackjack

[H]ard|Gawd
Joined
Oct 29, 2007
Messages
1,327
My solution, stop making browsers if you don't have the people that are willing to write and verify their own code.

You can use them on useful projects and not have to worry about your program (for the 11th time) being the worst backdoor in the history of your attempt at an "Operating System"

Microsoft is really just jumping on the bug bounty bandwagon. Mozilla and Google both had bug bounty programs for a while now. Granted the payout isn't as high right now.

http://www.mozilla.org/security/bug-bounty.html
http://www.google.com/about/appsecurity/reward-program/

(The Google one specifically mentions their apps suite, but the pwn2own competition pays out for bugs in Chrome)
 

Deleted member 88227

Guest
My solution, stop making browsers if you don't have the people that are willing to write and verify their own code.

You can use them on useful projects and not have to worry about your program (for the 11th time) being the worst backdoor in the history of your attempt at an "Operating System"

Lots of companies do this. In fact, I find that it's an awesome approach.

Someone who would otherwise use a vulnerability that could cause harm to make money now has the chance to just report that bug, be perfectly legal AND make a good bit of change in the process.

What better way than to pay the hackers hacking into your systems?
 

cyclone3d

[H]F Junkie
Joined
Aug 16, 2004
Messages
13,798
I wonder if they pay for bugs in Visual Studio. I have run across quite a lot of stuff that doesn't work as documented by MS.
 

Monkey God

Mangina Full of Sand
Joined
May 7, 2007
Messages
6,723
I wonder if they pay for bugs in Visual Studio. I have run across quite a lot of stuff that doesn't work as documented by MS.

I have worked at a more or less exclusive Microsoft-shop, large business for the past 9 years. I truly, TRULY believe Microsoft does not use their own products.
 

Techx

Supreme [H]ardness
Joined
Dec 30, 2002
Messages
4,380
I never understood how people find these bugs in the first place. I guess you have to be an expert app developer or someone already in the software dev/QA industry to know wtf you are doing.
 

cyclone3d

[H]F Junkie
Joined
Aug 16, 2004
Messages
13,798

That right there explains a lot, especially the reasons why my high level Cobol teacher could almost always get my code to crash even after I had spent hours trying different things to get my code to crash.

Cobol - super frustrating - programming language written by a woman - worst pile of backwardness ever in regards to programming languages.
Cobol teacher making your tested code crash - even more frustrating.
 