14 DAY TRIAL // Microsoft officially started its first bug bounty program two weeks ago, confirming that it’s willing to offer huge amounts of cash to users who find bugs in Internet Explorer 11 and Windows 8.1.
The software maker has confirmed in a blog post that it received only “a few” submissions so far, so an announcement on those who are eligible for the bounties is expected to be provided in just a few days.
The Softies have promised to offer up to $11,000 (€8,500) to those who spot security vulnerabilities in the new Internet Explorer 11 Preview, and a maximum of $100,000 (€78,000) for Windows 8.1 Preview flaws.
“We’ve received a few submissions to date for the IE 11 Preview Bug Bounty and the Mitigation Bypass Bounty. The investigations are underway, and we should be able to hit our target of letting those researchers know if they qualify for a bounty by next week,” Katie Moussouris, Microsoft Security Response Center, explains in a blog post.
“We've gotten questions about previously submitted vulnerabilities or previously presented techniques, and whether we will pay a bounty for them. The short answer is ‘no,’ but we’ll find a way to recognize the researchers who came to us before we offered cash,” Moussouris adds.
As far as the researchers taking part in the program are concerned, Microsoft claims that most of them are coming from familiar security experts, while other bugs are being submitted by people who previously used white market vulnerability brokers.
“This means that our strategy to attract researchers to report issues directly to us earlier in the release cycle is working already, just one week in to the new programs! Everyone wins – the researchers, our engineers, and especially our customers,” Moussouris goes on to say.
Microsoft is struggling to make both Windows 8.1 and Internet Explorer 11 completely secure before the final versions hit the market, with sources familiar with the matter claiming that this is likely to happen in October.