By Darren Allan
Microsoft is looking to stamp out future major bugs along the lines of Spectre, with the company offering big money to hunt down these sort of flaws.
Microsoft’s new bug bounty program is specifically for ‘speculative execution side channel vulnerabilities’ like Spectre and Meltdown which affected Intel chips, as well as AMD and ARM processors in the case of the former.
The software giant observed that these represented a new class of vulnerabilities, and a major change in the threat environment, to which its reaction is this new program which will pay up to $250,000 (about £180,000, AU$320,000) for those who discover and disclose such bugs to Microsoft.
The top tier payment of up to $250,000 will be made for the discovery of entirely new categories of speculative execution attacks, with Microsoft paying up to $200,000 (about £145,000, AU$255,000) for the discovery of methods of bypassing Windows’ defenses against existing speculative execution flaws.
Those who find new spins on known speculative execution vulnerabilities with Windows 10 or Microsoft’s Edge browser will be able to bag a reward of up to $25,000 (about £18,000, AU$32,000).
Joint effort
Naturally, the hope is that Microsoft will be able to use such early warnings to concoct a …read more
Source:: techradar.com – Computing Components
Previous post
Next post