Sudbury Computer Repair Blog

RSS Grab RSS Feed

Enter your e-mail address below to receive
updates on new blog posts!

Microsoft Pays Hackers to Discover and Report Bugs in their Software

Joseph Coupal - Tuesday, July 02, 2013

It is important that Boston area company's computer system security is up-to-date. Your business computer system should be regularly and/or continuously monitored to make sure that you are up to date with the latest security, compliance, and disaster recovery standards.

Microsoft has long benefited from the bug bounty programs of other vendors. But it now has its own new programs to compensate researchers who spend their days hunting down fresh security flaws in Microsoft products. Microsoft is offering cash bounties to boost the "win-win" between Microsoft customers and security researchers.

Microsoft has reversed its longstanding ban on paying hackers for information about freshly discovered security holes and instead is now offering rich bounties for notice of new Windows bugs.

Microsoft has benefited from the bug bounty programs of Google and Mozilla. But it is now offering three new programs to encourage and compensate so-called gray hat and white hat researchers who spend their days hunting down fresh security flaws in Microsoft products.

Hackers can now claim bounties of up to $100,000, depending on the type of bug discovered. For instance, Microsoft will pay $11,000 hard cash for any bugs found in its upcoming Internet Explorer 11 browser software.

"Microsoft entering the game is a big changer because they are a large traditional software vendor," says Chris Wysopal, chief technology officer at application security vendor Veracode.  

Microsoft has come full circle in the hacking community's fractious "full disclosure" debate. Black hat, white hat and gray hat hackers have been relentlessly exposing new Windows bugs since the 1990s.

White hats argue that the intense scrutiny compels software vendors, like Microsoft, to take security more seriously and patch security flaws with more alacrity. Black hats hunt for bugs, too, but with criminal intent. Gray hats sometimes contribute to the cause of good, and at other times behave more like black hats.

Each newly disclosed Windows bug sets off a race to get the new vulnerability patched across the massive breadth of Windows PCs, laptops and servers -- before they can be taken advantage of.

That phenomenon now happens at such a frenzied scale that Microsoft has taken to issuing security patches on the first Tuesday of each month to maintain a semblance of order.

Bug bounty programs have been around for awhile in order to encourage gray hats and white hats to work with vendors to fix problems instead of disclosing new bugs without vendor coordination.

Bounties help "massively.” Cash is best when it comes to demonstrating that software companies who tend to rush products to market actually value the gray hat and white hat researchers who, essentially, perform a critical quality control function.

Now Microsoft is finally acknowledging gray hats and white hats -- with its check book. "The value comes from the business actually understanding the importance of security, and the downstream impacts and ramifications to their business and customers," Ford says.

Mike Reavey, director of Microsoft's Security Response Center, tells CyberTruth that in the past researchers willingly reported a vast majority of bugs directly to Redmond "so there wasn't a need to offer a bounty program."

Do you think you have a bug in your computer system? You may not be able to get cash for it, but contact Sudbury Computer to get rid of it and to help make your system more secure.

Recent Posts


email virus, Boston hosted email in the cloud, framingham computer back ups, marlborough Blackberry Facebook app/virus unsecure wireless networks, Boston Malware infections hosted cloud email, framingham MA cloud based email security, Boston Virus issues Scareware cleaners Desktops email security options, Boston Netbooks computer backups, framingham computer and network security, Boston IT services, Framingham disaster recovery, Framingham SPAM filter hardware issues email has been hacked, Boston data loss, framingham cloud computing, Framingham business computer systems, Boston Emails cloud based solutions, Boston computer system security, Boston email worms, Boston ultralight laptop Sudbury Computer Repair - Sudbury MA disaster recovery, Marlborough infected websites system backups, marlborough SPAM protection, Boston multiple computer monitors, Boston protect business network, Boston infected email, Boston computer hacker protection Boston unsecure networks, Boston Micorsoft security, Boston cloud based hosted email, Framingham data recovery, framingham wireless security, Boston anti-spyware protection Sync Contacts block infected email, Boston Sudbury MA computer screen set up, Boston hacked email, Boston Malware email security, Boston worms and spoofing, Boston computer backups, marlborough malware, Boston Micorsoft bugs, Boston reliable email defense, Boston multiple computer screen, Boston computer security, Boston SPAMmers computer hard drive failure, marlborough cloud computing, marlborough Managed IT, Marlborough SPAM lists Netbook computer system set up, Boston virus scanner network security, Boston Calendar Laptop data recovery, marlborough Sudbury Computer, Boston SPAM Scareware RIM hosted cloud email, marlborough reliable email security, Boston secure wireless networks, Boston infected computer system, Boston system backups, framingham data loss, marlborough notebook infected files email has been hacked antivirus security for wireless networks, Boston IT services, Marlborough Managed IT, Framingham securing wireless networks, Boston Windows bugs, Boston multiple computer screen set up, Boston Enterprise Express Server Sudbury maintenance cloud based hosted email, Marlborough hosted email in the cloud, marlborough computer hard drive failure, framingham viruses Sudbury Computer, MA Exchange Environment ransomware, Boston