http://www.theregister.co.uk/2013/06/19/microsoft_bug_bounty_black_hat/
By Iain Thomson in San Francisco
The Register
19th June 2013

Microsoft is breaking its long-standing tradition of not paying for security
vulnerabilities by offering a $100,000 cash prize for the first penetration
tester to crack Windows 8.1 and a $50,000 bonus to explain how they did it.

At this year's Black Hat USA conference – held at the end of July in the sweaty
hell that is Las Vegas at that time of year – Microsoft will offer $100,000
(and a laptop) to the hacker who can demonstrate a critical vulnerability in
Windows 8.1, either at the conference or afterwards.

Any successful hacker can earn an additional $50,000 "BlueHat Bonus" if they
can tell Redmond how to fix a major flaw in the operating system. In addition,
there's an $11,000 bounty on Internet Explorer 11 Preview Edition
vulnerabilities – but with a 30-day time limit – presumably so that any new
problems can be fixed in time for the final release.

The market for software vulnerabilities is a contentious issue. Proponents
point out that cash payouts are the only way for independent security
researchers to make a living and that the resulting disclosures have immense
benefits for end users. Opponents suggest that hackers should disclose
responsibly as a matter of morality. Meanwhile, there's a thriving black market
for software flaws, especially zero-day vulnerabilities.
[...]
_______________________________________________
ISN mailing list
http://lists.infosecnews.org/mailman/listinfo/isn_lists.infosecnews.org