IT Security Guru

Microsoft evolves bug bounty program to accept and evaluate all entries

by The Gurus
November 22, 2013
in Editor's News

Microsoft has expanded its bug bounty programs to allow more people to submit flaws and has announced it is willing to pay $100,000 for new mitigation bypass techniques.

In a statement, Katie Moussouris, senior security strategist at Microsoft Security Response Center, said that it is expanding the pool of talent who can participate and submit novel mitigation bypass techniques and defensive ideas, to include responders and forensic experts who find active attacks in the wild.
“Today’s news means we are going from accepting entries from only a handful of individuals capable of inventing new mitigation bypass techniques on their own, to potentially thousands of individuals or organisations who find attacks in the wild. Now, both finders and discoverers can turn in new techniques for $100,000,” she said.
“In this new expansion of Microsoft’s bounty programs, organisations and individuals are eligible to submit proof of concept code and technical analysis of exploits they find in active use in the wild for our standard bounty amount of up to $100,000. Participants would also be eligible for up to $50,000 in addition if they also submit a qualifying defense idea. The submission criteria are similar – but the source may be different.”
Participants must pre-register and sign an agreement. Payment will be offered for rare new exploitation techniques before they are used, and also for techniques currently being used in targeted attacks, provided the attack technique is new.
Moussouris also said that Microsoft is willing to pay $100,000 for rare new mitigation bypass techniques, saying that these are “much more valuable than learning about individual bugs because insight into exploit techniques can help us defend against entire classes of attack as opposed to a single bug”.
Commenting, Robert Hansen, technical evangelist at WhiteHat Security, praised the new approach and said it could change the way the black hat market currently works.
He said: “Microsoft’s new program allows researchers, forensics experts and vulnerability brokers alike to give vulnerabilities to Microsoft regardless of whether they were the author of the vulnerability or not. If Microsoft hasn’t seen the vulnerabilities before, they will pay the disclosing party regardless of whether they were the ones to create the vulnerability or not.
“This gives incentives to any party who has been targeted with custom exploits to be paid for sending their exploits to Microsoft. This is good for Microsoft because it allows them to be a centralised vulnerability knowledge-base and gives a lot more incentive to researchers to disclose more vulnerabilities that they find in their inboxes, or on compromised machines.
“This is definitely a new approach to vulnerability disclosure programs, and I think it will make a lot of waves amongst the community who has, thus far, paid exclusively on attributable vulnerabilities. It could even somewhat disrupt some of the blackhat markets, by encouraging blackhats to buy or find each other’s vulnerabilities and sell them to Microsoft to reduce the competition. I just hope Microsoft is prepared for the onslaught of vulnerability reports they’ll be receiving.”