View previous topic :: View next topic |
Author |
Message |
heretic Site Admin
Joined: 27 May 2004 Posts: 2747
|
Posted: Sat Mar 17, 2018 11:11 am Post subject: Microsoft offers $250,000 bounty for bugs |
|
|
The January reveal of the Meltdown and Spectre speculative-execution attacks sent ripples through the entire computer industry. Part of Intel's response was a boost in bug-hunting bounties up to a cool quarter-million dollars for finding side-channel vulnerabilities. Microsoft has now joined the party and ponied up a $250,000 bounty of its own for the identification of speculative-execution flaws. Like Intel's payout bump, Microsoft's program has a ticking clock—it'll end when 2019 comes around.
Microsoft's payout program has four tiers, shown in the table below. The biggest award is handed for discovering a new class of speculative-execution attacks. The company has a separate blog post with more technical information about the known classes for that type of bug. The new bounty program augments existing programs, including one that awards as much as $250,000 for discovery of vulnerabilities in Hyper-V.
https://blogs.technet.microsoft.com/msrc/2017/07/26/announcing-the-windows-bounty-program/ |
|
Back to top |
|
|
Wertongent Contributor
Joined: 20 Dec 2019 Posts: 7
|
Posted: Mon Dec 30, 2019 11:17 pm Post subject: |
|
|
No wonder ))) |
|
Back to top |
|
|
Alisa9 Contributor
Joined: 27 Jul 2022 Posts: 3
|
Posted: Fri Aug 26, 2022 11:17 am Post subject: |
|
|
Microsoft is introducing a new bug bounty reward for the “speculative execution” CPU vulnerabilities that were disclosed recently. The software giant is offering up to $250,000 for bugs that are similar to the Meltdown and Spectre CPU flaws. Microsoft’s bounty will run until the end of the year, and it’s clearly designed to discover additional flaws as researchers begin to look at these types of vulnerabilities in processor designs.
“Speculative execution is truly a new class of vulnerabilities,” says Phillip Misner, a security group manager at Microsoft. “We expect that research is already underway exploring new attack methods.” Microsoft wants to encourage security researchers to responsibly disclose any potential CPU flaws, and up to $250,000 is probably a good way to achieve that. Microsoft also offers up to $250,000 for serious Hyper-V flaws in Windows 10.
News of Microsoft’s Spectre response comes just as Intel is preparing its own CPU changes for the future. Intel is redesigning its processors to protect against attacks like Spectre, and the company’s next-generation Xeon processors (Cascade Lake) will include new hardware protections, alongside 8th generation Intel Core processors that ship in the second half of 2018. Data analytics companies existing CPUs will be protected with firmware updates, but it’s obvious that the industry wants to address these new problems at the fundamental hardware design level to ensure future devices are protected. |
|
Back to top |
|
|
BlackMyth1 Contributor
Joined: 05 Dec 2023 Posts: 1
|
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2666 phpBB Group
|
|