Microsoft Launches $100k Bug Bounty Program 68
Trailrunner7 writes "After years of saying that the company didn't need a bug bounty program, Microsoft is starting one. The company today will announce the start of a new program that will pay security researchers up to $100,000 for serious vulnerabilities and as much as $50,000 for new defensive techniques that help protect against those flaws. Microsoft security officials say that the program has been a long time in development, and the factor that made this the right time to launch is the recent rise of vulnerability brokers. Up until quite recently, most of the researchers who found bugs in Microsoft products reported them directly to the company. That's no longer the case. The system that Microsoft is kicking off on June 26 will pay researchers $100,000 for a new exploit technique that is capable of bypassing the latest existing mitigations in the newest version of Windows."
Exploit circle (Score:2, Informative)
1) Pay for exploits up to 100,000
2) Sell exploits to NSA for up to 200,000, guaranteed unpatched for x days
3) Patch exploit; forcing NSA to buy more exploits
4) Repeat steps
5) Profit!
Re: Rich (Score:0, Informative)
Disregarding the Russian zero day exploit forums, according to Secunia Windows 7 (win 8 is still too young and has only 42 warnings) is ridden by 142 advisories and 294 Vulnerabilities. At least 5% are still not fixed and are highly critically (endangering. Red alert).
Windows and security was and will always be an oxymoron.