Posted on: 22-06-2013
Microsoft recently announced that it will offer bounties of up to $100,000 for vulnerabilities that can crack Windows. The rewards start with the preview release of Windows 8.1, which is due to be released very soon.
It seems as though Microsoft is finally taking a page from the book of Google, which has offered big rewards to researchers (hackers) who find and report security vulnerabilities in its software, particularly at its annual hacking competition, Pwnium, where it recently awarded the winner $40,000.
It is also unusual for Microsoft to offer bounties for vulnerabilities found in beta software. However, this move was explained in a recent blog post from Katie Moussouris, Microsoft's senior security strategist:
"[Many organizations] don't offer bounties for software in beta, so some researchers would hold onto vulnerabilities until the code is released to manufacturing. Learning about these vulnerabilities earlier is always better for us and for our customers."
Usually, bounties are offered only for released software, which means these vulnerabilities might not be patched for some time, until researchers report them and software companies get a chance to fix them. Some users could even be left vulnerable, as they turn off updates due to Internet limits.
Microsoft's new bounties and policy are a great idea and will hopefully mean Microsoft products suffer from far fewer security issues in the future, which will mean less malware, fewer updates to worry about and maybe Microsoft gaining back a little market share.