Microsoft celebrates the artistry of information security (aka bug bounty hunting)

The information security community is responding enthusiastically to Microsoft’s bounty program, announced three weeks ago, and what’s more, the Black Hat conference in Las Vegas will feature some live-action “exploitation” excitement.

Later this month, some of the best and brightest security researchers will gather in Las Vegas for the Black Hat conference on information security. At noon on July 31 and August 1, Microsoft will be judging live “mitigation attempts” at its booth. Even if you don’t have a new exploitation technique to try out, stop by to check out the “exploit art walk,” the work of those who have the skills to bypass the latest platform defenses — they are “true artists, and a rare breed,” writes Katie Moussouris, senior security strategist at Microsoft, on the BlueHat blog.

Microsoft’s new bounty program encourages people to search for vulnerabilities in Internet Explorer 11 Preview and Windows 8.1 Preview in return for cash from Microsoft. The two platform-wide bounty programs will pay up to $100,000 for a truly novel exploitation technique, and up to a $50,000 bonus for defense. Last week saw the program’s first bounty recipient, someone who found an IE11 bug that was confirmed and validated (translation: that person is getting paid).

For more on the bounty program, including official rules and guidelines, check out the Microsoft BlueHat blog.

You might also be interested in:

Jennifer Warnick
Microsoft News Center Staff