Microsoft launches major new bug bounty program


To help uncover future “speculative execution” CPU vulnerabilities similar to Meltdown and Spectre, Microsoft is launching a new bug bounty program that will run until the end of this year.

The company is offering up to $250,000 for bugs similar to the Meltdown and Spectre CPU flaws, which were discovered by Google's Project Zero in June of last year. The new program is meant to encourage the discovery of additional flaws that could also be exploited by hackers.

Phillip Misner, security group manager at Microsoft, explained the company's reasoning behind launching an entirely new bug bounty program for these types of vulnerabilities, saying:

“Speculative execution is truly a new class of vulnerabilities, and we expect that research is already underway exploring new attack methods. This bounty program is intended as a way to foster that research and the coordinated disclosure of vulnerabilities related to these issues.” 

This is not Microsoft's only bug bounty program; the company will also pay out up to $250,000 for any serious Hyper-V flaws discovered in Windows 10.

Intel also plans to address these types of vulnerabilities by redesigning its next generation of Xeon processors to include new hardware protections. The chipmaker's 8th generation of Intel Core processors will also include these same protections when they ship in the second half of 2018.

Meltdown and Spectre took the security world by surprise, and Microsoft, Intel and other companies are working to ensure that a similar shake-up does not occur in the future.
