The new bug bounty programs include the Mitigation Bypass Bounty, which will earn security researchers up to $100,000. The Mitigation Bypass is for research that demonstrates what Microsoft refers to as “truly novel exploitation techniques” against Windows 8.1 Preview. Microsoft will also pay up to $11,000 for bugs that researchers find in the IE 11 Preview browser.
An additional $50,000 is on the table for researchers who provide Microsoft with defensive techniques that can block offensive bypass techniques.
While the launch of the bug bounty program is new, in some respects it is a follow-up to an effort Microsoft engaged in last year. The BlueHat Prize was awarded at the 2011 Black Hat event and gave researchers a total of $260,000 in prize money.
“The BlueHat Bonus for Defense Program is the logical continuation of the 2011-12 standalone BlueHat Prize contest, since both seek defensive solutions to significant exploitation techniques,” Dustin Childs, group manager for Response Communications, Microsoft Trustworthy Computing, told eSecurity Planet. “All three winning entries in the BlueHat Prize Contest concerned defenses against Return Oriented Programming (ROP), a well-known mitigation-bypass technique.”