INSECURITY SACKBOY Microsoft Windows has a freshly-baked bug bounty program that could earn someone a quarter of a million dollars.
Big money stuff. Of course, not all the prizes are that large and an entry level fumble only earns $500. That is still better than a poke in the eye.
Microsoft is hanging the new program on Windows 10, an operating that it thinks is smashing already, but needs the wider backing of the white hat community. Microsoft has a ton of bug bounties already. It's very regular patching cycle shows that these have some effect.
"Windows 10 represents the best and newest in our strong commitment to security with world-class mitigations. One of Microsoft's longstanding strategies toward improving software security involves investing in defensive technologies that make it difficult and costly for attackers to find, exploit and leverage vulnerabilities." uttered the firm in a blog.
"In the spirit of maintaining a high-security bar in Windows, we're launching the Windows Bounty Program on July 26, 2017. This will include all features of the Windows Insider Preview in addition to focus areas in Hyper-V, Mitigation bypass, Windows Defender Application Guard, and Microsoft Edge. We're also bumping up the pay-out range for the Hyper-V Bounty Program.
The firm, no one at Microsoft has put their name to this, says that it has had bounties on offer since 2012,and that it fully supports their value. Of course it does. It produces software with more holes than a sponge.
"Since 2012, we have launched multiple bounties for various Windows features. Security is always changing and we prioritize different types of vulnerabilities at different points in time. Microsoft strongly believes in the value of the bug bounties, and we trust that it serves to enhance our security capabilities", it added to raised eyebrows all round.
If you are interested in a Windows windfall, an attack on Hyper-V pays out the largest money, the $250,000 while Windows insider preview vulnerabilities have a pay range of $500 to $15,000. µ
A whole new way to be tied to your ISP
Search giant puts Epyc chips at the heart of its datacentre servers
Notch-equipped handset quickly overtakes its cheaper siblings
Good news for developers; a collective shrug for everyone else