Later this month, Microsoft will start doing something it has never done before. Starting June 26, Microsoft will pay a cash bounty to hackers who find undiscovered security holes in Windows 8 and Internet Explorer 11 and submit them.
In this case, “hackers” doesn’t mean people who find flaws in Windows and use them to make money, but researchers who hack software to let vendors know what they need to fix.
Here’s a breakdown of Microsoft’s Windows bug bounty program:
Microsoft will pay up to $100,000 for “truly novel exploitation techniques” that can be used to break the security tech in the Windows 8.1 preview, Katie Moussouris, senior security strategist at Microsoft, said in a Wednesday blog post.
To be eligible for the $100,000, a contestant must write code that can be used to take control of a Windows PC over the Internet, which is the most severe type of flaw.
Contestants can get up to $50,000 more if they can also develop a way to defend against the code they’ve written.
Microsoft will also pay up to $11,000 for flaws that affect its Internet Explorer 11 Preview, which runs from June 26 to July 26.
This is an important move for Microsoft. While other vendors have paid bounties for security flaws for years, Microsoft has resisted doing so, in part because it has a huge in-house security research team.
Now Microsoft has decided that crowdsourcing discovery of security flaws, and paying a bounty to researchers who find them is a way to keep Windows 8 from becoming a hackers’ playground.
Judging from researchers’ reactions on Moussouris’ Twitter on Wednesday, Microsoft’s bounty program is already a hit.