Microsoft Launches $100K Bug Bounty Program

HardOCP News

A $100k bug bounty program? Some of you guys could make a serious chunk of change doing this.

The programs include a $100,000 payout for mitigation-bypass vulnerabilities uncovered in its software products, a $50,000 payout on top of this for a solution that will fix the vulnerability, and $11,000 for any bugs found in the preview release of its upcoming Internet Explorer 11 browser software.
 
What about glaring bugs that aren't security related in their current stuff?
 
I found a bug: the start menu is missing.

Unfortunately it looks like they aren't offering payouts for pointing out stupid design decisions.
 
My solution, stop making browsers if you don't have the people that are willing to write and verify their own code.

You can use them on useful projects and not have to worry about your program (for the 11th time) being the worst backdoor in the history of your attempt at an "Operating System".
 
Microsoft is really just jumping on the bug bounty bandwagon. Mozilla and Google have both had bug bounty programs for a while now. Granted the payout isn't as high right now.

http://www.mozilla.org/security/bug-bounty.html
http://www.google.com/about/appsecurity/reward-program/

(The Google one specifically mentions their apps suite, but the pwn2own competition pays out for bugs in Chrome)
 
Lots of companies do this. In fact, I find that it's an awesome approach.

Someone who would otherwise use the vulnerability that could cause harm, to where they could make money, now has the chance to just report that bug, be perfectly legal AND make a good bit of change in the process.

What better way than to pay the hackers hacking into your systems?
 
I wonder if they pay for bugs in Visual Studio. I have run across quite a lot of stuff that doesn't work as documented by MS.
 
I have worked at a more or less exclusive Microsoft-shop, large business for the past 9 years. I truly, TRULY believe Microsoft does not use their own products.
 
I never understood how people find these bugs in the first place, I guess you have to be an expert app developer or someone already in the software dev/qa industry to know wtf you are doing.
 

That right there explains a lot, especially the reasons why my high level Cobol teacher could almost always get my code to crash even after I had spent hours trying different things to get my code to crash.

Cobol - super frustrating - programming language written by a woman - worst pile of backwardness ever in regards to programming languages.
Cobol teacher making your tested code crash - even more frustrating.
 