Gameguru Mania Forum Index Gameguru Mania
Daily Gaming, Hardware, Software and Technology News
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 
news | cheats | reviews | specials | hardware | demos | FLASH GAMES | about | links

Microsoft offers $250,000 bounty for bugs

 
Post new topic   Reply to topic    Gameguru Mania Forum Index -> Security
View previous topic :: View next topic  
Author Message
heretic
Site Admin
Site Admin


Joined: 27 May 2004
Posts: 2674

PostPosted: Sat Mar 17, 2018 11:11 am    Post subject: Microsoft offers $250,000 bounty for bugs Reply with quote

The January reveal of the Meltdown and Spectre speculative-execution attacks sent ripples through the entire computer industry. Part of Intel's response was a boost in bug-hunting bounties up to a cool quarter-million dollars for finding side-channel vulnerabilities. Microsoft has now joined the party and ponied up a $250,000 bounty of its own for the identification of speculative-execution flaws. Like Intel's payout bump, Microsoft's program has a ticking clock—it'll end when 2019 comes around.

Microsoft's payout program has four tiers, shown in the table below. The biggest award is handed for discovering a new class of speculative-execution attacks. The company has a separate blog post with more technical information about the known classes for that type of bug. The new bounty program augments existing programs, including one that awards as much as $250,000 for discovery of vulnerabilities in Hyper-V.

https://blogs.technet.microsoft.com/msrc/2017/07/26/announcing-the-windows-bounty-program/
Back to top
View user's profile Send private message Send e-mail
Wertongent
Contributor
Contributor


Joined: 20 Dec 2019
Posts: 9

PostPosted: Mon Dec 30, 2019 11:17 pm    Post subject: Reply with quote

No wonder )))
Back to top
View user's profile Send private message
Alisa9
Contributor
Contributor


Joined: 27 Jul 2022
Posts: 4

PostPosted: Fri Aug 26, 2022 11:17 am    Post subject: Reply with quote

Microsoft is introducing a new bug bounty reward for the “speculative execution” CPU vulnerabilities that were disclosed recently. The software giant is offering up to $250,000 for bugs that are similar to the Meltdown and Spectre CPU flaws. Microsoft’s bounty will run until the end of the year, and it’s clearly designed to discover additional flaws as researchers begin to look at these types of vulnerabilities in processor designs.

“Speculative execution is truly a new class of vulnerabilities,” says Phillip Misner, a security group manager at Microsoft. “We expect that research is already underway exploring new attack methods.” Microsoft wants to encourage security researchers to responsibly disclose any potential CPU flaws, and up to $250,000 is probably a good way to achieve that. Microsoft also offers up to $250,000 for serious Hyper-V flaws in Windows 10.

News of Microsoft’s Spectre response comes just as Intel is preparing its own CPU changes for the future. Intel is redesigning its processors to protect against attacks like Spectre, and the company’s next-generation Xeon processors (Cascade Lake) will include new hardware protections, alongside 8th generation Intel Core processors that ship in the second half of 2018. Data analytics companies existing CPUs will be protected with firmware updates, but it’s obvious that the industry wants to address these new problems at the fundamental hardware design level to ensure future devices are protected.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Gameguru Mania Forum Index -> Security All times are GMT + 2 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2666 phpBB Group