ArsTechnica: Security Content

Risk Assessment – Ars Technica
Serving the Technologist for more than a decade. IT news, reviews, and analysis.

Microsoft expands bug bounty program to cover any Windows flaw

Wed, 2017/07/26 - 22:28
Image: Some bugs aren't worth very much cash. (credit: Daniel Novta)

Microsoft today announced a new bug bounty scheme that would see anyone finding a security flaw in Windows eligible for a payout of up to $15,000.

The company has been running bug bounty programs, wherein security researchers are financially rewarded for discovering and reporting exploitable flaws, since 2013. Back then, Microsoft was paying up to $11,000 for bugs in Internet Explorer 11.

In the years since then, Microsoft's bounty schemes have expanded with specific programs offering rewards for those finding flaws in the Hyper-V hypervisor, Windows' wide range of exploit mitigation systems such as DEP and ASLR, and the Edge browser.

Many of these bounty programs were time-limited, covering software during its beta/development period but ending once it was released. This structure is an attempt to attract greater scrutiny before exploits are distributed to regular end-users. Last month, the Edge bounty program was made an ongoing scheme no longer tied to any particular timeframe.