Microsoft has announced that it will give security researchers cash rewards for devising novel software exploitation techniques, creating new exploit mitigation systems, and finding bugs in the beta of Internet Explorer 11 when it's released later this month.
Bug bounty programs, where security researchers receive a cash reward from software vendors for disclosing exploitable flaws in those vendors' software, have become an important part of the computer security landscape. Finding flaws and working out ways to exploit them can be a difficult and time-consuming process. Moreover, exploitable flaws have a market value, especially to criminals, as they can be used to propagate malware and attack systems.
Bounty programs address both concerns. They provide a means for compensating researchers for their efforts, and they provide a market for flaws that won't lead to compromised machines and harm to third parties. Google, Mozilla, Facebook, PayPal, and AT&T, among others, all offer monetary rewards for bug disclosures.
Read 7 remaining paragraphs | Comments