Feeds

Microsoft hands out $28K to bug-hunters

Help us actually squish 'em and reap even bigger rewards – Redmond

Build a business case: developing custom apps

Microsoft's first ever bug bounty programme has resulted in payouts totalling $28,000 to security researchers who found flaws in the preview release of Internet Explorer 11.

Redmond offers a maximum reward of $11,000 to researchers who found security vulnerabilities in pre-release versions of IE 11 during the period of the bug bounty programme, which ran for a month from 26 June. In the event Microsoft paid out $28k to six researchers who collectively reported 15 different bugs.

An honours roll page credits James Forshaw of Context Security as the most prolific of these researchers. Forshaw earned $9,400 for his efforts in discovering design level vulnerabilities and other security bugs in IE11.

Google engineers Ivan Fratric and Fermin J Serna received $1,100 and $500, respectively, for uncovering lesser flaws. Both these bounties were donated to charity.

Bug bounty programmes have become commonplace across the IT industry over recent years. The schemes motivate researchers to report flaws to vendors, rather than selling details of bugs to TippingPoint's Zero Day Initiative or hawking them through exploit brokers or vulnerability marketplaces. Google's bug bounties are the best known and most financially generous.

The IE 11 bug-hunting season has closed but Microsoft is still offering a rather more generous $100,000 for "truly novel exploitation techniques against protections built into the latest version of our operating system (Windows 8.1 Preview)". And this can be topped up by a reward of up to $50,000 for ideas on how to defend against identified attacks. ®

Next gen security for virtualised datacentres

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Scale data protection with your virtual environment
To scale at the rate of virtualization growth, data protection solutions need to adopt new capabilities and simplify current features.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?