Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

New bug bounty program rewards researchers for finding flaws in widely used software

Lucian Constantin | Nov. 8, 2013
A new bug bounty program sponsored by Microsoft and Facebook will reward security researchers for finding and reporting vulnerabilities in widely used software that have the potential to affect a large number of Internet users.

Microsoft's sponsorship of the program might indicate that the company has softened its stance on paying for individual vulnerabilities, a practice it has opposed for years.

Microsoft launched two bounty programs for its own products in June, but with a goal of rewarding research into new defensive techniques or exploitation methods that bypass existing defenses, rather than rewarding the discovery of individual security flaws. On Monday, the company extended one of those programs to also reward reports of new attack techniques discovered by security professionals in active attacks.

Microsoft also ran a more traditional bug bounty program in June to pay for vulnerabilities found in the preview version of Internet Explorer 11, but that program only lasted 30 days.

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.