Microsoft is trying to attract the The security researcher community by
offering direct cash payments in exchange for reporting certain types of vulnerabilities and exploitation techniques.
The company is launching three new bounty programs that will pay researchers for techniques that bypass built-in OS mitigations and protections, for defenses that stop those bypasses and for vulnerabilities in Internet Explorer 11 Preview.
The following programs will launch on June 26, 2013:
- Mitigation Bypass Bounty. Microsoft will pay up to $100,000 USD for truly novel exploitation techniques against protections built into the latest version of its operating system (Windows 8.1 Preview).
- BlueHat Bonus for Defense. Additionally, Microsoft will pay up to $50,000 USD for defensive ideas that accompany a qualifying Mitigation Bypass submission.
- Internet Explorer 11 Preview Bug Bounty. Microsoft will pay up to $11,000 USD for critical vulnerabilities that affect Internet Explorer 11 Preview on the latest version of Windows (Windows 8.1 Preview). The entry period for this program will be the first 30 days of the Internet Explorer 11 beta period (June 26 to July 26, 2013).
If you feel you are ready to start hunting, Microsoft's head judges have provided "New Bounty Program Details," a detailed technical post
on the SRD Blog that describes the preferred structure for submissions.