Bounty News Update: Bountiful Harvest

Fall is a season traditionally associated with a harvest after planting the seeds and tending the crops. Today I’m proud to announce the names of six very smart people who have helped us make our products more secure by participating in our new bounty programs.  When we launched our bounty programs in June this year, we…


Attention Bounty Hunters – The Ramp Up to Black Hat

We’re three weeks into our new world of bounties for Microsoft products now, and as the clock ticks down on one program, we’re prepping for some live excitement with one of the others. First, the Internet Explorer 11 Preview Bounty is entering its final 10 days; the bounty period for that program closes on the…


Filling A Gap In the Vulnerability Market – First Bounty Notification

When Microsoft decided to offer not one but three new bounties, paying outside researchers directly for security research on some of our latest products, we put a lot of thought into developing those bounty programs. We developed a customized set of programs designed to create a win-win between the security researcher community and Microsoft’s customers,…


Doors Open for New Bounty Programs

As we announced last week, Microsoft is now offering $100,000 bounties for new exploitation techniques that can bypass our latest platform-wide defenses and up to $50,000 bonus bounties for defense ideas. We’re also offering (from now until July 26) bounties of up to $11,000 for critical security issues in Internet Explorer 11 Preview. Please see…


Coordinated Vulnerability Disclosure: Bringing Balance to the Force

Today on the MSRC blog, Matt Thomlinson, General Manager of Trustworthy Computing Security, announced our new philosophy on Coordinated Vulnerability Disclosure. I wanted to provide some context and history on how this came about. This post is about changing the way we at Microsoft talk about some familiar disclosure concepts, and is meant as an introduction…


Hacker Olympics: a shout-out from Vancouver, BC!

Handle:Cluster IRL: Maarten Van Horenbeeck Rank: Senior Program Manager Likes: Slicing covert channels, foraging in remote memory pools, and setting off page faults Dislikes: The crackling sound of crypto breaking, warm vodka martni Handle:Mando Picker IRL: Dustin Childs Rank: Security Program Manager Likes: Protecting customers, working with security researchers, second Tuesdays, bourbon, mandolins Dislikes: Using…