Microsoft Expands $100K Bounty Program for Cyber Vulnerabilities

Microsoft has expanded its $100,000 bounty program Monday, and will accept reports of in-the-wild attacks that demonstrate new techniques of bypassing Windows’ anti-exploit technologies, Computerworld reports.

The expanded program would let front-line security researchers, described as “responders and forensics experts” by Microsoft, submit reports of unique attack techniques they have found in active exploits.

Previously, Microsoft only accepted novel and reliable exploit techniques that researchers and academics had devised in the abstract, and which had not been used by actual hackers. The program aimed to acquire intelligence about these techniques and beef up defenses before attackers adopted them.

The change, the article reports, brings Microsoft closer to traditional bug bounty programs, which pay for each vulnerability.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.