Microsoft gives you up to $15,000 USD if you find a security flaw in Spartan

[GoodBytes]

Microsoft is very serious with Spartan web browser.

It is offering a nice bounty up to $15,000 USD if you find a security flaw in the Spartan web browse.

The minimum is 500$. Basically, the more critical the security flaw is, and the more you provide details on how to reproduce it the more money you can get.

Microsoft says that if the flaw is really critical, the reward can be over $15,000

The program if only available for the Technical Preview of Windows 10. It begins 22 April 2015, and ends 22 June 2015. (so I guess we know when Windows 10 is expected to be released, now, more officially. My guess, July 1st to give them time to fix that critical error, if discovered/reported on the last day).

 

Microsoft is pleased to announce the launch of a vulnerability bounty program for Microsoft-branded internet browsers shipping with Windows 10 technical preview. The program begins 22 April 2015, and ends 22 June 2015. For the duration of the program, individuals across the globe have the opportunity to submit vulnerabilities found in Microsoft-branded internet browsers shipping on our latest pre-release Windows platform. Qualified submissions are eligible for payment from a minimum of $500 USD to $15,000 USD, and bounties will be paid out at Microsoft’s discretion based on the quality and complexity of the vulnerability. Microsoft may pay more than $15,000 USD, depending on the entry quality and complexity,

The details are that:

-> You need to be 14 years old or over

-> Needs to be previously unreported, including Remote Code Execution (RCE), Address Space Layout Randomization (ASLR) Information Disclosure Vulnerabilities, and Sandbox Escape Vulnerabilities

-> Explain in detail how to reproduce it (the more details, the better for you)

-> Cannot be a current employee or family related Microsoft employee

-> Cannot be in North Korea, Cuba, Iran, Sudan, and Syria, due to U.S sanctions

-> No companies. You need to be a person.

For full details: https://technet.microsoft.com/en-us/security/dn972323?f=255&MSPPError=-2147217396

Source: http://www.winbeta.org/news/windows-10s-project-spartan-microsoft-will-give-you-15000-usd-if-you-find-security-bugs

[Arty]

Barnacules get to work

[givingtnt]

hm. interesting... id like to find some >

[Thought]

This is a very good idea on Microsoft's part. Cash incentives will get a lot of people to go and try to exploit the browser. I do believe this should include through-Windows exploits so those can also be patched.

[CoolaxGaming]

Welp, it would have been better if they held a hackathon...

[AlwaysFSX]

This is appropriate:

[wpirobotbuilder]

I love bug bounties. The alternative to paying out $15k+ for an exploit fix is the bad guys getting wind of this and causing big problems.

[Snickerzz]

I love bug bounties. The alternative to paying out $15k+ for an exploit fix is the bad guys getting wind of this and causing big problems.

exactly! It's either pay a white hat hacker $X or have a black hat exploit it and cause millions in damages, both to the victim(s) and to your own image

[Virus__]

Awesome. Shame i'm not one who can find exploits in things

[Doobeedoo]

Nice

[Bouzoo]

Good, I'm fully qualified. Now if only I knew what the hell I should be even looking for...

[Kamina]

Gotta love dem white hat hackers.

[LAwLz]

I thought they already paid people for reporting security issues. Did that program exclude IE before?

[Majinferno]

I 99% sure geohot is going to be attempting to persue this

[FakezZ]

Barnacules get to work

"work". Right hahahahah

[BURNINGJUNK]

Security issue found: it borrows some code from IE. Where's my 15 grand?

[PerfectTemplar]

It's actually pretty reasonable rates considering the hundreds of thousands if not millions of dollars they lose every time a massive exploit is found.

[The_Strict_Nein]

I thought they already paid people for reporting security issues. Did that program exclude IE before?

I guess the bounties are bigger or they want to publicise it more

[SurvivorNVL]

$15,000.. that's so much audio-equipment and steak.  Well played Microsoft.  Well played.

[FlakeyBanana]

lol only 15k for remote code execution? do you even know how much a 0day goes for?.....

[SIGSEGV]

[Crosseyed Sniper]

What I'd like to know is; how much money do we get if we don't find any security flaws?    Gotta be worth something, right?

[ItsAFeature]

lol only 15k for remote code execution? do you even know how much a 0day goes for?.....

 

This. You have to be really honest or really afraid of prosecution to turn over a zero day RCE for $15K...

 

I'd probably pay $100K for a significant RCE vulnerability if I were them.