Bug-hunters in Windows could be rewarded with up to £250,000 after Microsoft extend their Bounty Programs.
Psst, over here… If you want Windows to run at lightning speed, you should look into getting one of the best SSDs on the market.
As even Microsoft’s employees are human – I know, astonishing – Windows 10 and other creations of theirs were always going to have tiny flaws built into them. Designing and implementing operating systems and programs isn’t exactly what you’d call an easy undertaking, after all. Of course, people in the know can find these flaws and exploit them for profit, selling them to the highest bidder. Others may choose to let the public know, opening operating systems like Windows up to attack from ne’er do wells.
One of the easiest (legal) ways to stop people doing this is by offering them a financial incentive. Microsoft’s first bug bounty program was announced in 2013, aiming to do exactly that – encourage those with dodgy intentions to reveal the flaws (in that case, in Internet Explorer) to them rather than sell the information to the highest bidder, and to incentivise researchers who may not otherwise have bothered to try and find bugs too.
In 2013, Microsoft paid out over $28,000, but the bounties have quickly snowballed into much higher figures, with nearly a quarter of a million dollars paid out in 2014. This year’s active bounty programs, some of which have carried over from 2013, include a reward of up-to $30,000 for finding vulnerabilities in Windows Defender, up to $100,000 for ‘Novel exploitation techniques against protections built into the latest version of the Windows operating system’, and the possibility of a massive $250,000 sum for finding issues with Microsoft Hyper-V, which is responsible for creating virtual machines.
For the smart cookies with the bug-hunting knowledge to get involved in this pursuit, it’s rapidly becoming lucrative work. Who knows how much Microsoft will be shelling out in another four years?
Thanks, Bit-Tech.