If you have the capacity to detect security vulnerabilities and you're looking for a nice financial reward, Microsoft has made it possible with their vulnerability bounty program for Microsoft-branded internet browsers shipping with Windows 10 technical preview.
YES! $15,000!!
The program begins 22 April 2015, and ends 22 June 2015. For the duration of the program, individuals across the globe have the opportunity to submit vulnerabilities found in Microsoft-branded internet browsers, including its latest Project Spartan browser (Microsoft's project for a new web browser to replace the old Internet Explorer in its Windows operating system).
The technology giant is offering several payout categories, which start at $500 and go up to a top bug bounty of $15,000 for eligible vulnerabilities in Spartan:
| Vulnerability type | Proof of concept | Functioning exploit | Report | Payout range |
|---|---|---|---|---|
| Remote Code Execution in Project Spartan | Required | Required | High Quality | Up to $15,000 USD* |
| Remote Code Execution in Project Spartan | Required | No | High Quality | Up to $6,000 USD* |
| Remote Code Execution in Project Spartan | Required | No | Low Quality | Up to $1,500 USD* |
| Sandbox Escape Vulnerability with Enhanced Protected Mode or in Project Spartan | Required | Required | High Quality | Up to $15,000 USD* |
| Sandbox Escape Vulnerability with Enhanced Protected Mode or in Project Spartan | Required | No | High Quality | Up to $6,000 USD* |
| Sandbox Escape Vulnerability with Enhanced Protected Mode or in Project Spartan | Required | No | Low Quality | Up to $1,500 USD* |
| Important or Higher Severity Vulnerability in Project Spartan or EdgeHTML.dll | Required | Optional | High Quality | Up to $6,000 USD* |
| Important or Higher Severity Vulnerability in Project Spartan or EdgeHTML.dll | Required | No | Low Quality | Up to $1,500 USD* |
| ASLR Info Disclosure Vulnerability in Project Spartan or EdgeHTML.dll | Required | n/a | n/a | $500 USD* |
*Higher payouts are possible, at Microsoft’s sole discretion, based on entry quality and complexity.
WHO IS ELIGIBLE TO PARTICIPATE?
You are eligible to participate in this program if:
- You are 14 years of age or older. If you are at least 14 years old but are considered a minor in your place of residence, you must get your parent's or legal guardian's permission prior to participating in this program;
- You are an individual security researcher participating in your own individual capacity; and
- If you work for a security research organization, that organization permits you to participate in your own individual capacity. You are responsible for reviewing your employer's rules for participating in this program.
WHO IS NOT ELIGIBLE TO PARTICIPATE?
- A resident of any countries/regions that are under United States sanctions, such as Cuba, Iran, North Korea, Sudan, and Syria;
- A current employee of Microsoft Corporation or a Microsoft subsidiary, or an immediate family (parent, sibling, spouse, or child) or household member of such an employee;
- A contingent staff member or vendor employee currently working with Microsoft;
- A person involved in any part of the administration and execution of this program; or
- An entity that isn't an individual person (e.g., companies themselves cannot participate).
Identify an original and previously unreported vulnerability in Microsoft-branded internet browsers shipping with Windows 10 technical preview. Examples include Remote Code Execution (RCE), Address Space Layout Randomization (ASLR) Information Disclosure Vulnerabilities, and Sandbox Escape Vulnerabilities.
Submit your findings, with all the details included, in an email to secure@microsoft.com, following the company's bug submission guidelines, and make sure to follow Coordinated Vulnerability Disclosure.
Source: Project Spartan Bug Bounty Program.