In a blog post, Microsoft has announced that it has decided to take the matter of finding critical bugs of similar nature to the Spectre/Meltdown flaws into its own hands - at least partially. Adding to its bug bounty programs, the company has now announced that a new pot of up to $250,000 is up for grabs until at least December 31st of this year.
The new bug bounty program is divided into four different severity/compensation tiers, with tier 1 flaws (New categories of speculative execution attacks) granting up to $250,000 in rewards for the "coordinated disclosure" of such vulnerabilities. The idea here is Microsoft is employing the knowledge and will of the capable masses that might find ways of exploiting vulnerabilities, and would choose to disclose them to Microsoft - getting the prize money, helping the tech industry in providing a timely, coordinated defense against these exploits, and saving vast amounts of funding (and time), by not having to do the bug bounty themselves.
Reply With Quote
Bookmarks