Microsoft has expanded its $100,000 bounty program Monday, and will accept reports of in-the-wild attacks that demonstrate new techniques of bypassing Windows’ anti-exploit technologies, Computerworld reports.
The expanded program would let front-line security researchers, described as “responders and forensics experts” by Microsoft, submit reports of unique attack techniques they have found in active exploits.
Previously, Microsoft only accepted novel and reliable exploit techniques that researchers and academics had devised in the abstract, and which had not been used by actual hackers. The program aimed to acquire intelligence about these techniques and beef up defenses before attackers adopted them.
The change, the article reports, brings Microsoft closer to traditional bug bounty programs, which pay for each vulnerability.