Last week, Microsoft announced that it had informed the first person who had won money in its Internet Explorer 11 preview bounty bug program. Microsoft is paying up to $11,000 to developers who find serious security issues in the web browser, but that program ends next Friday, July 26.
In a new post on the BlueHat blog, Microsoft states that its team members are getting ready for a surge of new submissions to the IE11 bounty program before it closes, adding, "we’re keeping them fed and hydrated as best we can." It also offers up some hints for developers as to what the judges are looking for in terms of bugs that are deemed worthy of the reward.
Among other bugs, the team is looking for memory corruption vulnerabilities that could be in IE11, since there is a possibility they could allow for hackers to use remote code techniques on the browser. A submission of this type must include a whitepaper that describes the issue along with "a functioning exploit that is able to bypass all relevant mitigations and run arbitrary code."
The cool thing is that if a person submits such an IE11 exploit that Microsoft considers to be "truly novel," the person will not only win the $11,000 IE11 preview bounty award but also the ongoing Mitigation Bypass Bounty award, which is worth up to $100,000.
Source: Microsoft | Image via Microsoft
-1 Comments - Add comment