
Earn up to $15,000 with Microsoft's vulnerability bounty program



 If you have the capacity to detect security vulnerabilities and you're looking for a nice financial reward, Microsoft has made it possible with their vulnerability bounty program for Microsoft-branded internet browsers shipping with Windows 10 technical preview.


 YES! $15,000!!

 The program begins 22 April 2015 and ends 22 June 2015. For the duration of the program, individuals across the globe have the opportunity to submit vulnerabilities found in Microsoft-branded internet browsers, including its latest browser, Project Spartan (Microsoft’s new web browser, meant to replace the older Internet Explorer in its Windows operating system).

 The technology giant is offering several payout categories, starting at $500 and topping out at a bounty of $15,000 for eligible vulnerabilities in Spartan:

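| Vulnerability type | Proof of concept | Functioning exploit | Report | Payout range |
|---|---|---|---|---|
| Remote Code Execution in Project Spartan | Required | Required | High Quality | Up to $15,000 USD* |
| Remote Code Execution in Project Spartan | Required | No | High Quality | Up to $6,000 USD* |
| Remote Code Execution in Project Spartan | Required | No | Low Quality | Up to $1,500 USD* |
| Sandbox Escape Vulnerability with Enhanced Protected Mode or in Project Spartan | Required | Required | High Quality | Up to $15,000 USD* |
| Sandbox Escape Vulnerability with Enhanced Protected Mode or in Project Spartan | Required | No | High Quality | Up to $6,000 USD* |
| Sandbox Escape Vulnerability with Enhanced Protected Mode or in Project Spartan | Required | No | Low Quality | Up to $1,500 USD* |
| Important or Higher Severity Vulnerability in Project Spartan or EdgeHTML.dll | Required | Optional | High Quality | Up to $6,000 USD* |
| Important or Higher Severity Vulnerability in Project Spartan or EdgeHTML.dll | Required | No | Low Quality | Up to $1,500 USD* |
| ASLR Info Disclosure Vulnerability in Project Spartan or EdgeHTML.dll | Required | n/a | n/a | $500 USD* |
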
*Higher payouts are possible, at Microsoft’s sole discretion, based on entry quality and complexity.

 WHO IS ELIGIBLE TO PARTICIPATE?

 You are eligible to participate in this program if:

 - You are 14 years of age or older. If you are at least 14 years old but are considered a minor in your place of residence, you must get your parent’s or legal guardian’s permission prior to participating in this program;
 - You are an individual security researcher participating in your own individual capacity and, if you work for a security research organization, that organization permits you to participate in your own individual capacity. You are responsible for reviewing your employer’s rules for participating in this program.

 WHO IS NOT ELIGIBLE TO PARTICIPATE?

 - A resident of any countries/regions that are under United States sanctions, such as Cuba, Iran, North Korea, Sudan, and Syria;
 - A current employee of Microsoft Corporation or a Microsoft subsidiary, or an immediate family (parent, sibling, spouse, or child) or household member of such an employee;
 - A contingent staff member or vendor employee currently working with Microsoft;
 - A person involved in any part of the administration and execution of this program; or
 - An entity that isn’t an individual person (e.g., companies themselves cannot participate).

 Identify an original and previously unreported vulnerability in Microsoft-branded internet browsers shipping with Windows 10 technical preview. Examples include Remote Code Execution (RCE), Address Space Layout Randomization (ASLR) Information Disclosure Vulnerabilities, and Sandbox Escape Vulnerabilities.

 Submit your findings, with all the details, in an email to secure@microsoft.com, following the company’s bug submission guidelines, and make sure to follow Coordinated Vulnerability Disclosure.


 Source:  Project Spartan Bug Bounty Program.