Microsoft Starts Bug Bounty Programs for IE 11
Microsoft started its bug bounty programs just a couple of weeks ago, and it already has a researcher who found a flaw in IE 11 and whom it is ready to pay. The researcher who found the bug in the web browser, which is currently in preview release, works for Google. Furthermore, Microsoft says it has even more candidates for the IE 11 reward program. This program will last until July 26 and pay researchers up to $11,000 for the discovery of new bugs in the browser. The reward program was started because Microsoft has recently not been receiving many reports from users about security flaws.
Ivan Fratric is the name of the first researcher who will get the reward. He works as a security engineer at Google. Fratric reported a possible memory corruption vulnerability just a few days after the IE 11 reward program had started. The amount of money that he will get is much smaller than the real market value of such a discovery, but according to Microsoft representatives, being the highest bidder was not their goal.
Katie Moussouris is a senior security strategist at Microsoft. She claimed that the purpose of this program is to reward those researchers who are interested in selling bug discoveries in the white market. Current conditions allow direct and easy access to Microsoft if researchers are willing to sell the flaws they discover. The corporation is well aware that its prize money is nowhere near the amount of cash researchers could get if they tried to sell the bugs to cyber criminals. According to her, Microsoft is not competing with the underground market at all. It is just providing attractive bounties, knowing that currently there aren’t many buyers in the black market. Moreover, there are people who won’t sell the bugs, no matter the price Microsoft offers. That is why the company’s officials think there is no use in offering the highest bid, as money is not the biggest factor influencing the seller.
Microsoft is running another program concerning security vulnerabilities. It is offering $100,000 for new methods that can bypass all of the existing exploit mitigations in the newest version of Windows OS, starting from 8.1. The results of the program will be announced at the Black Hat Briefing conference.