Later this month, Microsoft will start doing something it has never done before.
Starting June 26, Microsoft will pay a cash bounty to hackers who find undiscovered security holes in Windows 8 and Internet Explorer 11 and submit them.
In this case, “hackers” doesn’t mean people who find flaws in Windows and use them to make money, but researchers who hack software to let vendors know what they need to fix.
Here’s a breakdown of Microsoft’s Windows bug bounty program:
- Microsoft will pay up to $100,000 for “truly novel exploitation techniques” that can be used to break the security tech in the Windows 8.1 preview, Katie Moussouris, senior security strategist at Microsoft, said in a Wednesday blog post.
- To be eligible for the $100,000, a contestant must write code that can be used to take control of a Windows PC over the Internet, which is the most severe type of flaw.
- Contestants can get up to $50,000 more if they can also develop a way to defend against the code they’ve written.
- Microsoft will also pay up to $11,000 for flaws that affect its Internet Explorer 11 Preview, which runs from June 26 to July 26.
This is an important move for Microsoft. While other vendors have paid bounties for security flaws for years, Microsoft has resisted doing so, in part because it has a huge in-house security research team.
Now Microsoft has decided that crowdsourcing discovery of security flaws, and paying a bounty to researchers who find them is a way to keep Windows 8 from becoming a hackers’ playground.
@k8em0 Congratulations! Glad you guys finally did this.
— The Dark Tangent (@thedarktangent) June 19, 2013
Microsoft actually implemented this Bug Bounty program the right way, good job @k8em0
— Vincenzo Iozzo (@_snagg) June 19, 2013
I’m amazed that @k8em0 pulled it off. Not because she isn’t capable (she is very), but I can only imagine what a challenge it was. Nice job!
— Dino A. Dai Zovi (@dinodaizovi) June 19, 2013
Business Insider Emails & Alerts
Site highlights each day to your inbox.