Microsoft Launches Windows Bug Bounty Program With Rewards Ranging From $500 To $250,000 (venturebeat.com)
Microsoft on Wednesday announced the Windows Bounty Program. Rewards start at a minimum of $500 and can go up to as high as $250,000. From a report: To be clear, Microsoft already offers many bug bounty programs. This is also not the first to target Windows features -- the company has launched many Windows-specific bounties for those starting in 2012. The Windows Bounty Program, however, encompasses Windows 10 and even the Windows Insider Preview, the company's program for testing Windows 10 preview builds. Furthermore, it also has specific focus areas: Hyper-V, Mitigation bypass, Windows Defender Application Guard, and Microsoft Edge.
Okay Dokey (Score:4, Funny)
I mailed in a Windows 10 Install DVD. When do I get my check for $250k?
Don't get excited (Score:2)
I thought I would be newly rich, as my TechNet / Microsoft forums account only exists to file all the monthly bugs I find in Windows. But then I read it's only certain types of bugs that are eligible:
Oh well! I continue to do QA for free then, I guess.
Re: (Score:3)
Also, Microsoft has historically had quite the reputation of downplaying discovered bugs with security impact or reclassifying them as lower impact, until an actual exploit is publicized that defeats all mitigations.
Doubt the bounty will help matters. Merely discovering a bug is not enough --- you're going to need to build the exploit too.
Once you have a RCE exploit, you could PROBABLY make a lot more than $250k selling that to the CIA, etc.
Re: (Score:2)
But Windows is safe
“Will you walk into my parlour?” said the Spider to the Fly,
“'Tis the prettiest little parlour that ever you did spy;
The way into my parlour is up a winding stair,
And I've a many curious things to show when you are there.”
Re: (Score:1)
I would expect a gigantic reward to be issued since to date there has been no government intelligence agency related "feature" ever discovered in any MS software. Are there bugs that create exploits? Sure. Just like every piece of software ever written. Do the government intelligence agencies keep an arsenal of possible 0-day exploits? Sure. This would fall squarely under their job description. A job description that includes words like "covert" and "clandestine". After all the US is not the only country th
Re: (Score:2)
If a vulnerability is found, how do you know who's ultimately responsible for it?
Yeah, didn't think so. So "there has been no government intelligence agency related "feature" ever discovered" is completely meaningless.
Re: (Score:2)
> Do you have any proof that a government intelligence agency in cooperation with the software vendors have created purpose built exploitable security flaws?
No. Can this be proven? No, it's trivially plausibly deniable. Please learn basic reasoning and logic.
My point stands, your initial assertion is meaningless.
> The real irony [blah blah]
So what does that have to do with anything?
Re: (Score:2)
> Your intelligence level [...]
Oh the irony.
> your accusations
What exactly are "my accusations", my special friend? What I've done is point out that "there has been no government intelligence agency related "feature" ever discovered" is a meaningless statement. That is not remotely the same as me claiming there are in fact such backdoors; the difference is that I don't assume there aren't any, while you do, based on your meaningless statement. I'm repeating myself, but please get familiar with basic reasoning and logic.
Re: (Score:1)
What's MS supposed to do when you stumble across an NSA sponsored "feature"? Or is this to make sure intentional vulnerabilities aren't too obvious?
They will deny it is a vulnerability and refuse to pay... After all, it's a "feature" and they already knew about it.
Re: They can't be serious! (Score:3)
Edge (Score:4)
> Furthermore, it also has specific focus areas: Hyper-V, Mitigation bypass, Windows Defender Application Guard, and Microsoft Edge.
Yeah but then I'd have to use Microsoft Edge.
Re: (Score:3)
Yea, but it's FASTER (according to M$'s PR campaign that comes up when you start Edge)... Well SURE it's faster, it doesn't support anything that would slow it down.
And whoever finds a bug in the Edge browser (Score:2)