How do you keep enterprising hackers from unloading exploits into the wild? Microsoft has been paying bounties to researchers who find and disclose security issues for a while. Now, it's expanded the program. At Black Hat, the company announced that it will double the size of payments it makes in its Bounty for Defense program, and it'll also be expanding the Online Services Bug Bounty to new areas of eligibility.
Let's say an exploit has been discovered in the wild, and Microsoft has mitigated (or patched) that exploit. If you can get around that mitigation, you have a submission for the company's Mitigation Bypass program, which could net you up to $100,000. Ideas for defending against further hacking efforts are eligible for the Bounty for Defense program, which has its own $100,000 maximum payout. Submissions that offer both a mitigation bypass and a defensive idea would receive both bounties. These bounties are only good for attacks on the latest version of Windows, so those of you interested in submitting your brilliant ideas need to cover Windows 10.
The Online Service Bug Bounties program has been expanded to include Azure Active Directory and the Microsoft Account service, in addition to Office 365 and the other Azure services that were previously eligible. The bounty for online service bugs has also been raised temporarily, from its normal $500-$15,000 to a maximum payout of $30,000 until October 5. You better get—ehrm—cracking.
|Nanoxia Project S case slides into home-theater setups||17|
|Cat5e and Cat6 cables get a 5Gbps speed boost||0|
|BIO-key fingerprint readers let users get in touch with Microsoft Hello||0|
|Google Translate gets a boost from deep neural networks||3|
|BlackBerry will no longer make BlackBerries||8|
|Nvidia previews Xavier SoC with Volta GPU for self-driving cars||18|
|be quiet! Silent Loop AIO liquid coolers hum along quietly||3|
|Microsoft catapults datacenter performance with FPGAs||47|
|Asus J3455M-E mobo sails out with Apollo Lake SoC aboard||23|