Microsoft announced a bug bounty program on Wednesday that generously rewards hackers and researchers for reporting certain vulnerabilities and security weaknesses in its software products, some even before they are released.
The Microsoft bug bounty program will include the Mitigation Bypass Bounty, BlueHat Bonus for Defense, and the IE11 Preview Bug Bounty.
Software experts, hackers and researchers can participate in the bounty programs, all of which kick off on June 26. This is not the first time Microsoft has offered cash prizes for finding security vulnerabilities. However, the new bug bounty programs will be a long-term effort to fix flaws in its products, even while they are in pre-release.
The Mitigation Bypass Bounty will offer as much as $100,000 for exploitation techniques against Microsoft's latest operating system, the Windows 8.1 Preview.
"The quality and completeness of a submission determines not only the payout but also the priority in which it will be reviewed. High quality submissions should include a detailed analysis of a vulnerability's root cause in addition to a proof of concept that reliably reproduces the issue. This information helps us rapidly confirm your findings so that you can get paid," stated Microsoft through its Security Research and Defense blog.
The BlueHat Bonus for Defense will give an additional $50,000 for any defense technology that blocks the exploitation techniques reported through the Mitigation Bypass Bounty program.
Likewise, critical vulnerabilities found in Internet Explorer 11 can earn someone as much as $11,000 through the Internet Explorer 11 Preview Bug Bounty.
The Mitigation Bypass Bounty and BlueHat Bonus will be ongoing programs, while the Preview Bug Bounty for IE11 will only run until July 26.
"This is the smartest thing we can do. We evaluated what researchers were doing, and we noticed the reporting trend was changing. A few years ago, most researchers were going to Microsoft directly. We want to bring that back," said Katie Moussouris, senior security strategist lead at Microsoft Security Response Center, in an interview with ZDNet.
Anyone can participate, even security researchers from rival companies, as long as their employers allow it, and Microsoft will not mind paying out.
"If you are at least 14 years old, but are considered a minor in your place of residence, you need to ask your parent's or legal guardian's permission prior to participating in this program," Moussouris clarified.
With these bug bounty programs, Microsoft does not have to wait long to find out whether its software products need any fixing or patching.