Microsoft extends bug bounty scheme to include active threats and exploit techniques

Microsoft has announced an extension to its bug bounty scheme with the firm now offering up to $100,000 (£62,000) to incident response teams and forensics experts who identify and report active attacks and malware.

The company is also looking for any new techniques that can bypass exploit mitigation on the latests versions of Windows.

"We're deliberately doing this to disrupt the existing vulnerability and exploit marketplace," Katie Moussouris, Microsoft's senior security strategist at told Threat Post.

"The black market pays much higher prices, but part of what they're paying for is exclusivity and relying on the technique staying secret as long as possible. I want this to be an incentive for people to blow these ops."

Moussouris added that the plan is to to reduce the amount of time that new techniques are of any use to hackers.

To qualify for the program, organisations and individuals need to pre-register with Microsoft as contributors by sending an email to doa@microsoft.com.

If a new technique is identified, both a technical analysis as well as proof-of-concept code must be sent to Microsoft. Moussouris said that scheme should also mean organisations that are the victims of attacks will be able come forward as well.

"The reason we're asking for proof-of-concept code is that a lot of people may be shy about sharing custom malware samples because there could be identifying information in there," she said.

"We're interested in the technique. If they want to send us the sample, that's fine too. We don't see a lot of new attack techniques, because they're really rare."

Microsoft's way of working makes it different to the bug bounty offerings of most tech firms as it's security team pays for details of new attack and defence techniques, as well as individual vulnerabilities.

The company made its first $100,000 (£62,000) bounty payout last month to security researcher James Forshaw, who identified a new way of bypassing Windows exploit mitigations.