Qualys CTO says that this campaign could help Microsoft make Windows 8.1 more secure

Jun 21, 2013 07:22 GMT
Windows 8.1 will be launched on June 26 as a preview version and will also come with IE11

Microsoft has recently announced a bug bounty program for Windows 8.1 Preview and Internet Explorer, offering rewards of up to $100,000 (€75,500) for those who find security flaws in these two products.

The program is meant to help the tech giant make its future software solutions more secure, especially because Windows 8.1 is going to be a major overhaul of the existing Windows 8.

Wolfgang Kandek, CTO of Qualys, said in a statement that Microsoft is doing the right thing by offering so much money to users who find bugs, pointing to other companies that have already launched similar programs and are now enjoying surprising success.

“I think this is an intelligent move by Microsoft to tap talent from all over the world, especially in the security space where it’s hard to find that talent. It also encourages good research to land into the hands of vendors rather than being sold on the black market,” he explained.

“Bug bounty programs are not new and have been implemented previously by Google, Mozilla, PayPal and Facebook to name a few. White market bug bounty programs like HP-Tipping Point’s Zero Day Initiative have been around for a few years now. Nevertheless, Microsoft's move is welcome and the prize money certainly trumps other programs,” Kandek continued.

Microsoft claims that its new security bounty program is specifically designed to help its own security engineers patch flaws before the stable versions of both Windows 8.1 and Internet Explorer 11 hit the market.

Windows 8.1 will be launched on June 26 in Preview form and will also include an early version of IE11.

“Learning about new exploitation techniques earlier helps Microsoft improve security by leaps, instead of capturing one vulnerability at a time as a traditional bug bounty alone would,” the company explained.