Microsoft to crowdsource Windows 8.1 security, offers $100k bounties

It’s about damn time. Microsoft has finally decided to start incentivising, handsomely, anyone that can find security flaws in the world’s most popular desktop operating system. The Redmond gang will cough up US$100 000 for information about security bugs that can be used to break into Windows.

The programme, which starts with the upcoming 8.1 release of Windows, will offer an additional US$50 000 “Defense Bonus” to those cunning hackers who can outline new ways of preventing similar weaknesses from being exploited in the future.

But wait. There’s more. Microsoft will also fork over up to US$11 000 for security flaws in the preview version of Internet Explorer 11. This move is interesting because it now behooves researchers to release their vulnerability findings earlier. Typically companies do not offer rewards for beta software.

Why hasn’t Microsoft done this sooner? After all, this kind of thing has been stock for companies like Facebook, Google and Mozilla for a while now. Four reasons.

The first is that it’s getting harder to find these exploits. Microsoft is crowdsourcing its security efforts by tapping into the entire world’s security community, whether professional, freelance or hobbyist.

Next, hackers are selling their exploits to the highest bidder, sometimes to the government or on the black market where they can be used for espionage or crime. Microsoft’s bounties are high enough to attract enterprising researchers. Forbes reporter Andy Greenberg reported last year that a working Windows exploit could “earn a hacker between US$60 000 and US$120 000 dollars from an intelligence or law enforcement agency, and one that achieves full compromise of a Windows computer through Internet Explorer could earn as much as $200,000.”

The third reason is that Microsoft isn’t detecting vulnerabilities picked up in the wild fast enough. Sure, it offers the Blue Hat prize annually at the Black Hat conference and the grapevine reveals exploits through competitions like Pwn2Own, but that’s way too sporadic for a company that services the majority of the world’s home and corporate desktop computers.

Lastly, more researchers are turning to third-party programmes like HP’s Zero Day Initiative and Verisign’s iDefense to report exploits. Now there’s a direct line.

Microsoft’s Katie Moussouris says that the bounty programmes announced “will simultaneously encourage those who want to work with us while increasing costs for those whose actions cannot be affected by bounties or other incentive programs.”

Source: Forbes


  • Agosto Nuñez

    Microsoft Windows software is the de facto standard in the world; most hackers are MOST experienced in attacking Windows. Google Chrome O.S., Google Chromium O.S., O.S. X and several others are mostly protected by obscurity. If Microsoft can “perfect” Windows 8.1 (Blue), it’ll be the safest software on the planet. I bet people will think twice before they call Windows “unsafe”. Windows 8 is already secure; Windows 8.1 (Blue) is created with security in mind.

  • speas

    I have a very very hard time seeing any Windows software EVER being the safest on the planet. As great as crowd funding is, using people’s monetary ambitions to further development, I bet this release will be as unsafe as every other – after all, this many years and releases, do you think they would start making good software NOW? Not a chance.
