Microsoft, sometimes criticized for having buggy software, is opening its bug bounty program to include incident responders who submit ways to bypass the built-in security restrictions in Windows. The move expands on the bug bounty initiative the company launched in June.
Microsoft this week said incident responders and forensics experts who pre-register and sign a non-disclosure agreement could submit mitigation bypass techniques they develop or uncover. The submissions could earn up to $100,000.
Such submissions are helpful to Microsoft, and ultimately to resellers and users of the company's software, because they allow Microsoft developers to create measures that block new bypass techniques. That can prevent entire classes of attacks, as opposed to single software vulnerabilities.