Game to go a round with a Spartan? Microsoft will pay if you bruise it

Redmond broadens its bug bounty program to harden up Windows 10

Redmond will expand its bug-bounty program ahead of the launch of Windows 10, including a two-month hunt for vulnerabilities in its Project Spartan browser.

If you want to play Athens to Microsoft's Spartan, there's as much as US$15,000 up for grabs for remote code execution bugs, sandbox escapes, and “design-level security bugs”, Microsoft says in its Security Response Center blog.

“The bounties for Spartan are tiered by the criticality of the issue reported, as well as the quality of the documentation and how reproducible the issue is”, the post states.

Jason Shirk writes that the Spartan bounty lasts until June 22, 2015, and also announced new bounty offers for flaws in Azure and the company's Sway.com Web application.

The Azure bounty offer will cover virtual machines, cloud services, storage, Active Directory “and much more” Shirt wrote.

The US$15,000 maximum payout has been applied across the board to critical bugs in Microsoft's online services.

Redmond's Hyper-V virtualisation has been added to the up-to-US$100,000 Mitigation Bypass bounty, with interest in guest-to-host escapes, guest-to-guest escapes, and “guest-to-host DoS (non-distributed, from a single guest)”. ®

Sponsored: Becoming a Pragmatic Security Leader




Biting the hand that feeds IT © 1998–2019