Two weeks ago, Microsoft made an important evolutionary step in our work with the security community when we announced our first-ever bounty programs for security issues. One week ago, the Windows 8.1 Preview and Internet Explorer 11 Preview became available for download, and the doors officially opened for bounty-eligible submissions to secure [at] Microsoft [dot] com.
What a great week this has been!! We wanted to share how it’s going, provide some important reminders regarding eligibility of entries, and flag some key dates coming up.
One last note on how our programs are working so far: Some entries are coming from familiar researchers, and some are coming from researchers who had historically only reported issues via white market vulnerability brokers, after our beta period was over. This means that our strategy to attract researchers to report issues directly to us earlier in the release cycle is working already, just one week into the new programs! Everyone wins – the researchers, our engineers, and especially our customers.
I’m excited by the positive response and participation in Microsoft’s first bounty programs. Keep the submissions coming, and I hope to see some of the lions of the security industry come out for Black Hat to show their skills, live at our booth. You know who you are. ;-)
Katie Moussouris
Microsoft Security Response Center
http://twitter.com/k8em0 (that’s a zero)