Microsoft's sponsorship of the program might indicate that the company has softened its stance on paying for individual vulnerabilities, a practice it has opposed for years.
Microsoft launched two bounty programs for its own products in June, but with a goal of rewarding research into new defensive techniques or exploitation methods that bypass existing defenses, rather than rewarding the discovery of individual security flaws. On Monday, the company extended one of those programs to also reward reports of new attack techniques discovered by security professionals in active attacks.
Microsoft also ran a more traditional bug bounty program in June to pay for vulnerabilities found in the preview version of Internet Explorer 11, but that program only lasted 30 days.
Sign up for CIO Asia eNewsletters.