Earlier this year, Microsoft announced it would offer up to $100,000 to third party security researchers if they found and reported exploits in Windows 8.1. A few weeks ago, Microsoft awarded the first $100,00 bounty in their program to researcher James Forshaw. Today, Microsoft announced that even more people can now have a shot at receiving that $100,000 prize.
In a post on the BlueHat blog, Microsoft stated that responders and forensic experts who find active attacks in the wild can now submit their mitigation bypass techniques to Microsoft. It added:
Today’s news means we are going from accepting entries from only a handful of individuals capable of inventing new mitigation bypass techniques on their own, to potentially thousands of individuals or organizations who find attacks in the wild. Now, both finders and discoverers can turn in new techniques for $100,000.
The organizations must pre-register with Microsoft by emailing them at doa@Microsoft.com before submitting any exploits they may have discovered. In addition to the big $100,000 bounty, those groups are eligible to receive up to $50,000 from Microsoft if they also submit a qualifying defense idea. Microsoft says they will pay bounties even if the exploits are found to be currently used in attacks on Windows.
Source: Microsoft | Image via Microsoft