Microsoft will pay you to successfully hack Windows
Typically, a company frowns upon having its products hacked. However, Microsoft is inviting people to do just that. The tech company announces that it will be offering direct cash payments "in exchange for reporting certain types of vulnerabilities and exploitation techniques". No, Microsoft has not gone crazy (at least I hope). Companies usually offer such bounty programs for sane reasons -- security and publicity.
From a security standpoint, it makes sense for Microsoft to invite people to hack its products. When a bug or exploit is found, it can be patched. The tech company's products can only get more secure as a result. Heck, maybe Microsoft can even hire the successful hackers!
From a publicity standpoint, Microsoft can’t lose. There are essentially two outcomes -- products get hacked or they don’t. If no one is successful in hacking Windows, the company can tout its product’s security. However, if a product is hacked, Microsoft can get positive press from its relationship with the security community and the paying of cash prizes.
The following bounty programs will launch on June 26, 2013:
- Mitigation Bypass Bounty -- Microsoft will pay up to $100,000 USD for novel exploitation techniques against protections built into the latest version of its operating system (Windows 8.1 Preview). Learning about new exploitation techniques earlier helps Microsoft improve security by leaps, instead of capturing one vulnerability at a time as a traditional bug bounty alone would.
- BlueHat Bonus for Defense -- Additionally, Microsoft will pay up to $50,000 USD for defensive ideas that accompany a qualifying Mitigation Bypass submission. "Doing so highlights our continued support of defensive technologies and provides a way for the research community to help protect more than a billion computer systems worldwide".
- Internet Explorer 11 Preview Bug Bounty -- Microsoft will pay up to $11,000 USD for critical vulnerabilities that affect Internet Explorer 11 Preview on the latest version of Windows (Windows 8.1 Preview). The entry period for this program will be the first 30 days of the Internet Explorer 11 beta period (June 26 to July 26, 2013). Learning about critical vulnerabilities in Internet Explorer as early as possible during the public preview will, Microsoft says, help make the newest version of the browser more secure.
While these bounty programs will launch on June 26, Microsoft is separately inviting people to hack Windows 8.1 live at this year’s Black Hat USA 2013. From July 27 -- August 1, a laptop running the operating system will be on display. The first person to bypass Windows 8.1 security gets $100,000, and the laptop.
Are any BetaNews readers planning on winning some of this money? Tell me in the comments.