Microsoft's $100,000 bug bounty: Read the fine print
June 22, 2013
Microsoft is offering up to $100,000 for vulnerabilities found in Windows 8.1 that are paired with exploits, but it's pretty much up to Microsoft to decide who gets paid how much based on a set of subjective criteria.
In order to pull down the full amount, a submission must be novel, generic, reasonable, reliable, impactful, work in user mode, and be effective on the latest Windows OS, according to details of the new bounty program. Each of those criteria is subject to interpretation.
Fair contest?
It will be up to Microsoft to convince potential participants in the program that their submissions will be treated fairly, says Ross Barrett, senior manager of security engineering for Rapid7.
"A lot of people don't trust them," Barrett says. Microsoft could find an attack technique good but not novel, and then patch the vulnerability without paying. "That's paranoid, maybe, but that kind of paranoia tends to be par for the course in this industry," he says.
Link: http://www.pcworld.com/article/2042728/microsofts-100-000-bug-bounty-read-the-fine-print.html#tk.rss_all