Microsoft BlueHat Blog

  • Congratulations to James Forshaw Recipient of Our First $100,000 Bounty for New Mitigation Bypass Techniques!

    Congratulations to James Forshaw for coming up with a new exploitation technique to get our first ever $100,000 bounty. A security vulnerability researcher with Context Information Security , James already came in hot with design level bugs he found during...
  • Bounty Evolution: $100,000 for New Mitigation Bypass Techniques Wanted Dead or Alive

    Those who know me personally or follow me on Twitter are familiar with my obsession with karaoke. I do it as often as I can rope people into going with me, never forcing anyone to sing, though invariably everyone does – or at least sings from the...
  • Heart of Blue Gold – Announcing New Bounty Programs

    Our Philosophy At the heart of our community outreach programs, we’ve always had the same philosophy: help increase the win-win between Microsoft’s customers and the security research community. We have evolved and deepened our relationships...
  • Filling A Gap In the Vulnerability Market – First Bounty Notification

    When Microsoft decided to offer not one but three new bounties, paying outside researchers directly for security research on some of our latest products, we put a lot of thought into developing those bounty programs. We developed a customized set of programs...
  • BlueHat v13 is Coming

    This week, starting Thursday, we’ll be hosting our 13 th edition of BlueHat. I’m always so impressed with the level of knowledge we attract to each BlueHat, and while the event is invite-only, we’ll be sharing glimpses into the event...
  • New MAPP Initiatives

    Hi everyone, Some of you may recall the launch of the Microsoft Active Protections Program (MAPP) back in 2008, when we began giving antivirus vendors security bulletin information early, so that they could develop and test signatures for vulnerabilities...
  • Bug Bounty Evolution: Online Services

    Today marks the next evolution in bounty programs at Microsoft as we launch the Microsoft Online Services Bug Bounty program starting with Office 365. In our mobile first, cloud first world, this is an exciting and logical evolution to our existing bug...
  • Bounty News Update: Bountiful Harvest

    Fall is a season traditionally associated with a harvest after planting the seeds and tending the crops. Today I’m proud to announce the names of six very smart people who have helped us make our products more secure by participating in our new...
  • Attention Bounty Hunters – The Ramp Up to Black Hat

    We’re three weeks into our new world of bounties for Microsoft products now, and as the clock ticks down on one program, we’re prepping for some live excitement with one of the others. First, the Internet Explorer 11 Preview Bounty is entering...
  • MAPP Initiatives Update – Knowledge Exchange Platform

    A little more than a month ago, we announced some new initiatives for the Microsoft Active Protections Program (MAPP). One of those announcements was “MAPP for Responders.” The initial response has been extremely positive, so we wanted to...
  • Preparing for Live Pwnage: Mitigation Bypass Bounty Machine Specs for Black Hat

    With about one week to go before we all gather at Black Hat in Las Vegas, we’re getting inquiries about precisely how the promised Live Mitigation Bypass Bounty judging at Black Hat will work. For most of the world, it works best when you get a...
  • New Bounty Programs – One Week In

    Two weeks ago, Microsoft made an important evolutionary step in our work with the security community when we announced our first-ever bounty programs for security issues. One week ago, the Windows 8.1 Preview and Internet Explorer 11 Preview became available...
  • BlueHat v14 is almost here

    It’s that time of year and BlueHat v14 is almost upon us. As always, BlueHat is an opportunity for us to bring the brightest minds in security together, both internal and external, to discuss and tackle some of the hardest problems facing the industry...
  • Doors Open for New Bounty Programs

    As we announced last week , Microsoft is now offering $100,000 bounties for new exploitation techniques that can bypass our latest platform-wide defenses and up to $50,000 bonus bounties for defense ideas. We’re also offering (from now until July...
  • On the Shoulders of Blue Giants

    Handle: k8e IRL: Katie Moussouris Rank: Senior Security Strategist Lead, Head of Microsoft’s Security Community and Strategy Team Likes: Cool vulns, BlueHat, soldering irons, quantum teleportation Dislikes: Rudeness, socks-n-sandals, licorice ...
  • Inside the MAPP program

    Handle: Cluster IRL: Maarten Van Horenbeeck Rank: Senior Program Manager Likes: Slicing covert channels, foraging in remote memory pools, and setting off page faults Dislikes: The crackling sound of crypto breaking, warm vodka martni ...
  • The BlueHat Prize V1.0 – And the Winners Are…

    Handle: k8e IRL: Katie Moussouris Rank: Senior Security Strategist Lead, Head of Microsoft’s Security Community and Strategy Team Likes: Cool vulns, BlueHat, soldering irons, quantum teleportation Dislikes: Rudeness, socks-n-sandals, licorice ...
  • Microsoft is sponsoring the Cyber Security Challenge UK

    The global adoption of computing continues to draw attackers toward ever-richer targets. The latest data from the Microsoft Security Intelligence Report shows that although industry-wide vulnerability disclosures are down (and computer defenses are improved...
  • The BlueHat Prize Survey at BlackHat – Submit Security Defense Questions for a Chance to Win $5000

    Handle: k8e IRL: Katie Moussouris Rank: Senior Security Strategist Lead, Head of Microsoft’s Security Community and Strategy Team Likes: Cool vulns, BlueHat, soldering irons, quantum teleportation Dislikes: Rudeness, socks-n-sandals, licorice ...
  • BlueHat Prize v1.0 Finalists – One of These People Will Win $200,000 (AKA Mad Loot)!

    Handle: k8e IRL: Katie Moussouris Rank: Senior Security Strategist Lead, Head of Microsoft’s Security Community and Strategy Team Likes: Cool vulns, BlueHat, soldering irons, quantum teleportation Dislikes: Rudeness, socks-n-sandals, licorice ...
  • BlueHat Prize entries: The final tally is…

    Handle: k8e IRL: Katie Moussouris Rank: Senior Security Strategist Lead, Head of Microsoft’s Security Community and Strategy Team Likes: Cool vulns, BlueHat, soldering irons, quantum teleportation Dislikes: Rudeness, socks-n-sandals, licorice ...
  • Beliefs from an Ex-softy

    Jared Pfost here. I'm fired up to present at BlueHat. I really appreciate Noelle reaching out so it was a no brainer when asked to spin up a blog post. One thing that keeps popping up is my status as a former blue badge. Actually I'm a former twice over...
  • Nine to tide you over: Video highlights from BlueHat v12

    It has been nearly four months since we gathered in Redmond for BlueHat v12, and we’ve almost caught up on our sleep. As we prepare for what promises to be a momentous year for the BlueHat program – culminating in December with BlueHat v13...
  • Peace Games - BlueHat Prize Update and Countdown

    Handle: k8e IRL: Katie Moussouris Rank: Senior Security Strategist Lead, Head of Microsoft’s Security Community and Strategy Team Likes: Cool vulns, BlueHat, soldering irons, quantum teleportation Dislikes: Rudeness, socks-n-sandals, licorice ...
  • Announcing BlueHat v12

    The days are getting shorter, the holidays are getting nearer, and looming on the horizon are a trio of 12’s – it’s almost time for the 12 th BlueHat Conference, on tap for the twelfth month of 2012. We have a terrific lineup of speakers...