Browsing Category: Microsoft

Attackers Targeting MS13-055 IE Vulnerability

Categories: Microsoft, Vulnerabilities

Attackers are using an Internet Explorer vulnerability, which Microsoft patched yesterday, in targeted attacks that also employ a malicious Flash file installed through a drive-by download launched by compromised Web pages. The exploit that’s being used is capable of bypassing both ASLR and DEP.

Read more...

Researchers Find Bug Bounty Programs Pay Economic Rewards

Categories: Microsoft, Vulnerabilities

Bug bounty programs can be as much as 100 times more cost-effective for finding security vulnerabilities than hiring full-time security researchers to do the same thing. New research from the University of California at Berkeley, which focused on bug bounty programs run by Google and Mozilla, found that each of these programs has cost the vendor about $400,000 over the course of three years, far less than it would’ve cost to hire employees to find the same number of vulnerabilities.

Read more...

Microsoft’s Bug Bounty Program and the Law of Unintended Consequences

Categories: Microsoft, Vulnerabilities

The Microsoft bug bounty program has been nearly a decade in the making and it is clear from the shape and size of it that the company did not simply slap the program together in order to join the cool kids. Microsoft’s security team spent years watching the way other programs work, seeing what incentives attract good researchers and looking for a system that made sense for Microsoft’s specific goals.

Read more...

Microsoft Launches $100,000 Bug Bounty Program

Categories: Microsoft, Vulnerabilities

After years of saying that the company didn’t need a bug bounty program, Microsoft is starting one. The company today will announce the start of a new program that will pay security researchers up to $100,000 for serious vulnerabilities and as much as $50,000 for new defensive techniques that help protect against those flaws.

Read more...