Microsoft announced its new security bounty programs last year and has now paid out over $253,000 to various security experts around the world. In October last year, Microsoft announced its first ever $100,000 bounty, awarded to James Forshaw for finding a new class of attack technique on Microsoft’s products. Recently, Microsoft awarded another $100,000 bounty to Yu Yang (@tombkeeper) from NSFOCUS Security Labs.

The following researchers have submitted a qualifying vulnerability or new mitigation bypass techniques to Microsoft as part of the Microsoft Security Response Center (MSRC) Bounty Programs. We thank them greatly for their participation and for working with us to help keep customers safe.

Yu Yang (@tombkeeper), NSFOCUS Security Labs
Mitigation Bypass variants – $100,000

Yu Yang tweeted the following:

@k8em0 In order to express my thanks for your congratulation, maybe I should submit more.
— Yang Yu (@tombkeeper) February 15, 2014

Source: Microsoft via: Neowin ...


Microsoft is offering what it calls a ‘Bounty Program’ for finding exploits and vulnerabilities in Windows 8.1. Google has had a similar program for its Chrome web browser for quite some time now, though not offering as much money. This program is a win-win for Microsoft and consumers, as exploits do not get out into the wild and Microsoft has a more secure OS and browser.

Microsoft is now offering direct cash payments in exchange for reporting certain types of vulnerabilities and exploitation techniques. In 2002, we pioneered the Trustworthy Computing initiative to emphasize our commitment to doing what we believe best helps improve our customers’ computing experience. In the years since, we introduced the Security Development Lifecycle (SDL) process to build more secure technologies. We also championed Coordinated Vulnerability Disclosure (CVD), formed industry collaboration programs such as MAPP and MSVR, and created the BlueHat Prize to encourage research into ...
